Assigning Test Users

By Matthew Sarrel  |  Posted 2010-03-09 Print this article Print


Assigning Test Users

Having verified from the Groups & Employees tab that directory information had been successfully imported, I assigned some users to a test group. From the Policies tab, I created a test policy and later assigned this policy to the test group. Basically, all of the magic is under that Policies tab.

There are settings for IM, Application and Web, and each category dives down into specific control details. Under IM, I had fine-grained control over AIM/ICQ, Google Talk, Windows Live Messenger and Yahoo Messenger. I could also block or allow 193 additional IM networks and 36 IM portals-a comprehensive listing. I chose to block everything except AIM and, within AIM, to block file transfers.

The USG can be configured to internally route all employee IMs sent over a public network, so AIM messages sent from someone inside to someone else inside never leave the organization. One GUI criticism I have is that I wasn't warned that my settings would be lost unless I saved them before switching tabs.

Similarly, I could choose to block any application from sending or receiving traffic on the network, or allow it. This includes VOIP (voice over IP) applications such as Skype and other bandwidth hogs such as peer-to-peer file sharing. These features don't set FaceTime USG 3.0 apart from the competition.

However, the ability to define words or phrases that can be grouped into a lexicon and blocked is a tremendously useful feature. For example, you can allow a user to visit Facebook but prevent him or her from posting that video of the director of marketing dancing like Elaine from "Seinfeld."

Being Friendly

The Web GUI is straightforward. When an administrator logs in, the first screen is a configurable dashboard: I could add and remove elements such as a chart of the Real-Time Traffic Summary and the Top Ten Applications report. Any report can be added to the dashboard, and the elements on the dashboard can be resized and rearranged by dragging and dropping.

While that's great, the information on the dashboard is not directly actionable. The dashboard is just reporting, and everything else is available through a tabbed interface at the top of the page. There is bare-bones context-sensitive help, but I found it more useful to go to the contents and read through the deployment instructions.

To assess ICAP functionality I also tested using a BlueCoat ProxySG200 running SGOS ProxySG is a secure Web gateway and WAN optimization appliance. It took very little effort on my part to configure the two devices to work together. On the USG I merely navigated to the Configuration tab, then ICAP Services, and then added and edited a new service for the USG to connect to-the ProxySG200. I then did the reverse on the ProxySG200. Another level was added to our defense-in-depth strategy, and this time without having to rip out and replace the foundation. USG 530 integrates with the Squid proxy server as well.

Reporting is a strong point of FaceTime USG 3.0. It took me a little while to get used to the interface, but the pop-up descriptions of each button and column were helpful. It's very easy to drill down to more details just by clicking appropriate links or double-clicking a row. I could quickly go from Top Social Networking Users to a specific user on a specific site, for example.

Reports are highly customizable. There's a Create New Report wizard that other vendors should learn from because it walked me through creating my custom reports just how I wanted them in no time. New reports can be saved; any report can be exported, printed or set to run on a schedule.

Reports tie into a much larger function of FaceTime USG 3.0: regulatory compliance. Meeting requirements by FINRA, the SEC (Securities & Exchange Commission), HIPAA (Health Insurance Portability and Accountability Act) and more can be a drain on resources. For example, FINRA would like all channels (blogs, Twitter, Facebook) monitored for information regarding trades and whether employees are representing their companies or just themselves (if such a thing still exists in corporate America).

The device logs everything it sees and the actions it takes. When logs get too big, they can be moved to an external database.

Employee communications can be stored and analyzed forever. On the bright side, this isn't just for information security. Understanding how employees interact with each other-and with customers-over social networks can provide valuable insight to marketing teams.

Pricing starts at $9,200.

Matthew Sarrel Matthew D. Sarrel, CISSP, is a network security,product development, and technical marketingconsultant based in New York City. He is also a gamereviewer and technical writer. To read his opinions on games please browse and for more general information on Matt, please see

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel