SolaredINsight Web Proxy

SolaredINsight Web Proxy runs under Linux operating system (CentOS 6.7 / RHEL 6.7 distributions). It is designed to protect corporate local networks against the risks associated with the use of Internet resources, as well as to control the use by employees of enterprise resources on the Internet. The protection is provided by complex of measures, including filtering of information content during information exchange over HTTP(S) and FTP over HTTP protocols, user authentication, and user actions logging.

SolaredINsight Web Proxy is successfully competing with other web-proxy class solutions and is an excellent alternative to foreign products in terms of import substitution.

The following are the basic functions of SolaredINsight Web Proxy.

Balancing and fault tolerance

SolaredINsight Web Proxy can operate in one-node configuration, as well as in distributed mode where the solution is installed on multiple servers and data streams are forwarded by an external load balancer. A distributed system is usually used in organizations with a large number of users where high performance and fault tolerance are required. Node performance is monitored by means of balancer, and these are automatically disconnected from request handling process in case of unavailability.

Authentication

In order to specify access rights to web resources based on user groups, SolaredINsight Web Proxy provide several different authentication mechanisms: basic, NTLM, Kerberos, by IP addresses. There is an opportunity to integrate SolaredINsight Web Proxy with Active Directory.

Filtering

You can apply one or more security policies to each user group defined in SolaredINsight Web Proxy. At the same time the filtering can be performed by the following parameters:

  • Participation in group;
  • Resource URL or IP address;
  • Keywords;
  • Schedule;
  • Ports, protocols;
  • Type of transferred file;
  • Websites categories;
  • Etc. (more than 30 parameters).

The system also supports automatic resources lists policy update from external sources.

The following actions can be used in case of security policy violation:

  • Blocking access
  • Access permission either explicit or with the user confirmation request
  • Cookie files modification etc.

It is possible to force the use of HTTPS protocol, if resource supports it.

Users activities and records registration

SolaredINsight Web Proxy allows to monitor user activities on the Internet and to receive a summary of their activities in a variety of statistical reports. There are more than 60 ready report templates. It is possible to generate reports and send them via e-mail by schedule.

SSL traffic control

Traffic decryption is performed using Man-in-the-Middle attack.

Integration with antivirus software

When filtering Internet traffic the transferred files can be checked for the viruses. For this purpose SolaredINsight Web Proxy server can be integrated with Symantec Scan Engine antivirus software, DrWeb, Kaspersky Antivirus and ClamAV.

Ad-blocking

It is possible to block advertisement banners using adBlock database.

Web-resources classification

External services that are third-party solutions for example, Bluecoat or iAdmin can be used as web resources classifiers. The local list of categories can be used as well.

Integration with other web-proxies

It is possible to use the upstream proxy.

There is a possibility of receiving the request through ICAP from another proxy, analysis of the obtained data in accordance with policy and transfer of made decision in synchronous mode.

An archiving can be selected as one of a policy action, that is saving POST query data to local file storage or archiving, analysis and management of SolaredINsight Core.

SolaredINsight Web Proxy management

The solution is controlled by web-UI through encrypted HTTPS protocol.

The UI provides the following features:

  • Security policy management, including management of resource lists;
  • Users management;
  • Reports setting up and viewing;
  • Basic system configuration and management of user roles.