SurfinCheck(tm) is a plug and play security solution for the
Local Network, supporting Java content inspection, ActiveX blocking and HTML stripping of JavaScript, VBscripts and Plug-ins. The new computing paradigm of Internet downloadables, has introduced a new level of security risk that simply is not answered by a traditional TCP/IP Firewall. Since Java Applets, ActiveX controls, Scripts and Plug-ins are automatically and routinely pushed into the systems of Web users, a new Java security solution is needed to implement an appropriate security policy and determine which entities should be allowed through the gateway and which should be blocked. SurfinCheck protects your Local Network from unauthorized applications originating outside of your corporate environment. It checks downloadables coming through your gateway, scans the Java applets bytecode and compares it to the end-user security policy to determine if the applet should be allowed to load.
General description of SurfinCheck
---------------------------------
SurfinCheck provides it's protection at the gateway. It serves as a
proxy of the end-user browsers, loading the Java Applets for them and
examining their content before delivering them to the end-user machine.
Depending on the Applet content and on the security policy defined for
the end-user, SurfinCheck may block the applet gracefully.
The SurfinCheck product comprises two main components:
1) SurfinCheck Server - This component is the one providing Protection
(as per the Corporate Security Policy). It should be installed on a
Gateway machine since it will serve as a Proxy for the client
browsers. (after the installation, all client browsers should be
configured to use SurfinCheck Server as an HTTP Proxy). As is the
case with most proxy servers, SurfinCheck Server should typically be
placed at the gateway, between the firewall (or directly before the
router if there is no firewall) and the end-users. In cases where
there are other proxy servers in the system, it is preferred to place
SurfinCheck Server closest to the client workstations (rather then
between the firewall and any other proxy server). For a set up where
there are other proxy servers between SurfinCheck Server and the
client end users, all other proxies must support ip forwarding
(i.e. SurfinCheck Server must get the true ip address of the end-user
machine as part of the http request).
2) SurfinConsole - This is your Security Management Console. It is
preferable to install SurfinConsole on a separate machine (so as not
to reduce performance due to SurfinCheck Server load). SurfinConsole
is the User Interface component through which the Corporate Security
Policy is set, Users and Group of Users are defined, reports are
generated and more.
SurfinCheck also uses a shared database file as the repository of the
Users definitions, the Security Policies defined for the Users and of
all Security Events as detected by the system.
System Requirements
-------------------
SurfinCheck Server requirements:
* Pentium
* 32Mb RAM (64Mb recommended)
* Windows NT 4.x
* 15Mb disk
* Windows network - client for Microsoft Networks
* Windows network - file sharing for Microsoft Networks
SurfinConsole requirements:
* Pentium
* 16Mb RAM (32Mb RAM recommended)
* SVGA graphics card and above (resolution of 600x800 or more)
* Windows 95 or NT 4.x
* 10Mb disk
Installation notes
------------------
Install SurfinCheck Server on the gateway machine:
* Run setup.exe to install this SurfinCheck Server component.
* Please be sure to specify correctly whether this is an installation
of a Primary SurfinCheck Server which comprises the Security Policy
repository.
Install SurfinConsole on the Security Administrator machine:
* Run setup.exe to install this SurfinConsole component.
* Please be sure to specify the Host name of the SurfinCheck Server.
Note: Setup SurfinCheck Server and SurfinConsole can work properly with
other gateway devices such as a third party vendor proxy server.
For such a setup, select the 'Devices' button in SurfinConsole,
click the SurfinCheck device icon on the devices list and set the
Proxy settings.
Setup your LAN security policy:
* Using SurfinConsole, define the end-users and the groups of
end-users that will use SurfinCheck's protection.
* Using SurfinConsole, define the General Security Policy and for the
organization, for any group of users you may have defined and for
specific users.
Setup the client browsers on the end-users machines:
* At each of the end-users machines, configure the browser to use
SurfinCheck Server as an http Proxy and clear it's cache.
Note: During installation the user is asked to specify a password,
which is used by the setup program to create a shared directory
on the primary SurfinCheck Server Host containing the central
database files of the system.
Known problems:
---------------
1) If the database file or host name is pointing to a wrong location
(defined in the SurfinConsole setup window), SurfinConsole will not
come up until the problem is corrected. To correct the host name,
