Blackbox Console Server Manual v2021.04.28
Prime Server
Server Side Installation and Configuration Manual
SYNERSOFT TECHNOLOGIES PRIVATE LIMITED
INDEX
Sr. Chapter
Introduction
BLACKbox Prime Server Control Centre
A Implementation of Force centralization
1. Creation of New User
2. Drive Access
B VPN Configuration (Work From Home Ready)
C Apply / Restore Policy
D File Permission Manager
E Active Recycle Bin
F Backup Configuration
Invoke Backup console
Adding Backup Schedule
Backup Server Console
Backup Logs
Logs of Mails
H Understanding of Backup Report of BLACKbox
I Understanding of Backup Report of DCDR
J Configuration of Vault and Workspace
K USB Controls
L Email - Email Vigilance
M POP Users - Email Setup
Distribution List
Application Settings
SMTP Settings
POP Settings
Monitor
Log
N Email Shadowing and Restore
O Configuration of Happy Hours
P Internet Settings
Managing Internet Users Using Account Manager
Managing Web Filter
Content Filter
Trusted Sites
Port Binding
Log Details
Proxy Setting
Managing Request for Temporary Access
Monitoring Internet Access Log
Q Configuration and Usage of PBO Settings
R Deduplication Configuration and Understanding of Report
S Configuration of Dual Profiling
Glossary
Introduction
Features:
- Firewall
- Centralized data storage
- Automatic backup of users’ documents and email data
- No possibility of data theft by Pen Drives, Removable Media
- Complete Control on Software to be used by users
- Complete control on giving permissions to users on certain documents, folders, printers
- Comprehensive EDP audit
- Secured Internet Sharing
- IP, MAC Address, User Authentication
- Web Site Black List
- Web Site White List
- Bandwidth Usage Control
- User Level Bandwidth Allocation
- User Level Internet Privilege Definition
- Global White Lists for Anti Virus Updates / Windows Updates
- User Wise Internet Usage Reports
- Full Fledged Mail Server
- User Privileges By All External Emails
- User Privileges By Limited External Emails
- User Privileges By Only Internal Emails
- Group Wise Email Vigilance (Incoming & Outgoing)
- User Privileges By BCC Denial
- Single Location Virus Scan of Emails
- Large Email Download Timing Configuration
- Compatible with All Popular Email Clients like MS Outlook, Outlook Express, Apple Mail, Incredimail etc.
- Gmail Compliant
- Anti Spam System (Optional).
Benefits:
- Need Based Software Permissions to users: Account users only get access to MS Office, Tally or any accounting Package or ERP
- Centralized Data storage: Users’ hard disks are disabled. All data (emails and documents) is stored on central server.
- Automatic Backup: All data (emails and documents) is backed up automatically on desired media and with desired version.
- No Time Pass Activities: Games, movies, videos, music are disabled. Only work related software is available.
- No permission to install new software: User cannot install anything on computer without the prior permission of management.
- Extra Ordinary Performance: Very fast computing on low configuration hardware or thin client.
- No Pen drives / Removable drives: Users cannot use pen drives or removable drives without admin permission.
- Comprehensive EDP Audit
BLACKbox Prime Server Control Centre
Invoke BLACKbox internet server by double clicking on the BLACKbox shortcut icon. The control
centre will appear on screen.
This is used to start / stop / configure the primary services of the BLACKbox series of firewalls.
Make sure that the Firewall, Mail Server and Internet Server services are running.
A service can be stopped and / or restarted from this GUI.
2.5 Provide Login Security
Once the BLACKbox control centre is invoked, it is time to ensure that login security is provided
by clicking on the Options button of the control centre.
Clicking on the Options button prompts another screen called Password Console. With this
console an Installation Engineer can provide user authentication by checking the Password required
checkbox. Thus Password Console provides the following features:
(Implementation of Force centralization)
(To be used for data force centralization )
BLACKbox provides features like autocratic data centralization, pen drive control and automatic
data backup to control the data environment. For this purpose it uses the Desktop and Backup
modules of the BLACKbox console.
Let us first understand the data centralization and pen drive control part using Desktop module
which has two tabs viz. 1) Users and 2) Computers:
3.1 Users Tab of Desktop Module
(Creation of New User)
Double click on BLACKbox console shortcut available on desktop. Once the administrator is
authenticated, the following screen will appear:
Double click on Desktop icon of server console. The following screen will be displayed.
We have two tabs available in the menu bar i.e. ‘Users’ and ‘Computers’. Using these tabs an
administrator can control the data access of the users, storage drives of each computer available
in LAN and also the usage of computer by specific user(s). It is possible that one user can have
access on more than one client machine and one client machine can have more than one user
working on it.
On upper right panel of screenshot, five buttons are located viz. Add, Edit, Copy, Delete and
Select All through which an administrator can manage users.
Adding User:
Let us understand the Add button which helps us to add a new user and allow us to define
properties of that user. Click on Add button and following screen will appear:
User Name: Enter username. The user name can have upper and lower cases of alphabets,
numbers, - but it cannot have special characters.
Password: Enter password. There is no character limit for password.
Confirm: Re-enter the password.
Computer Selection:
Computer: The flexibility of BLACKbox software allows one user to use more than one
computer. Hence while creating new user an administrator can assign more than one
computer and their drives to the new user. Select the computer name and click on Edit
button. The following ‘Edit Computer’ screen will be available to allow administrator to
apply the policy and edit the properties of proxy server IP, proxy server port.
Once all the properties are entered and saved for all the fields described in topic 21.2 Adding
User, an administrator can save these parameters by clicking on Save button. If he/she wishes to
abandon the entered value, he/she can use Cancel button.
The parameters of created users can be changed by using Edit button. Let us understand how we
can do it.
Refer to topic 21.1. Invoke BLACKbox server console. Refer to Screenshot 21.1.1. Double click
on Desktop module. The data server console will appear on screen as displayed in Screenshot
21.1.2. Click on Users tab. You will have list of users displayed on the screen. Select any one
user from the available users. Click on Edit button located on upper right panel – under Add
button. The following screen will appear:
The screen shows the value of parameters defined for user demo1. We have already explained all
the parameters in topic 21.2 Adding Users, hence we will avoid repeating them again. Refer to
those parameters and change the values to edit the selected user’s properties and provide
necessary access controls of data and USB storage parameters.
21.4. Copy User
The purpose of providing this feature is to save administrator’s time in creating more than one
user with similar properties and parameters. An administrator can create one user, save the
properties of that user and, while creating another user, select that user from the users list and
select the Copy button. BLACKbox will allow him/her to enter the username and password of the
new user and save the user with all properties of the selected user.
Refer to topic 21.1. Invoke BLACKbox server console. Refer to Screenshot 21.1.1. Double click
on Desktop module. The data server console will appear on screen as displayed in Screenshot
21.1.2. Click on Users tab. You will have list of users displayed on the screen. Select any one
user from the available users say demo 1. Click on Copy button located on upper right panel. The
following screen will appear:
The screen shows the value of parameters defined for user demo 1 with User Name, Password
and Confirm text boxes. Enter the values in these fields and refer to the parameters available in
other text boxes and popup menu boxes. We have already explained all the parameters in topic
21.2 Adding Users, hence we will avoid repeating them again. Click on Save button without
changing any of the value in all the parameters. Thus you will be able to create the new user with
similar properties without wasting time in repeating the data entry of all the parameters. Go on
repeating the steps for all the users.
Let us understand how a user can be deleted on BLACKbox server.
Refer to topic 21.1. Invoke BLACKbox server console. Refer to Screenshot 21.1.1. Double click
on Desktop module. The data server console will appear on screen as displayed in Screenshot
21.1.2. Click on Users tab. You will have list of users displayed on the screen. Select any one
user from the available users say user1. Click on Delete button located on upper right panel. The
following screen will appear:
Click on Yes button and user1 will be deleted. Click on No button or Cancel button and you will
go back to Data Server Console.
This feature is provided for operation to be performed on all users. Normally it is used for bulk
deleting of users. Let us understand how it is used.
Refer to topic 21.1. Invoke BLACKbox server console. Refer to Screenshot 21.1.1. Double click
on Desktop module. The data server console will appear on screen as displayed in Screenshot
21.1.2. Click on Users tab. You will have list of users displayed on the screen. Click on Select
All button located on right panel. The following screen will appear:
Now, if you click the Delete button, you will be prompted with the window shown in
Screenshot 21-6 for deleting all users. You can deselect a user by using the CTRL key.
Double click on the BLACKbox Prime shortcut available on the desktop. Once the administrator is
authenticated, the following screen will appear:
Double click on Desktop icon of server console. ‘Users’ is the default tab selected. Hence to
manage computers in LAN, an administrator needs to select Computers tab by clicking on it.
Once he/she clicks on Computers tab the following screen will appear:
Under the heading Manage Registered Computers we have table of computers registered in LAN
with the details of Computer Name, Proxy Server’s IP address, proxy port number, USB Drive
Access is allowed or denied and access policy is applied or not. In the upper right panel we have
three buttons located vertically; they are Edit, Delete and Select All. Let us understand functions
of these three buttons:
22.2 Edit Computer Properties
Select the computer whose properties you want to edit by selecting its entire row in the table.
In the said screenshot the first row, with computer name pc-112, is selected. Now click on the
Edit button. The following window will appear:
22.4 Selecting all computers
This feature is provided for operation to be performed on all computers. Normally it is used for
bulk deleting of computers. Let us understand how it is used.
Refer to topic 22.1. Invoke BLACKbox server console. Refer to Screenshot 22.1.1. Double click
on Desktop module. The data server console will appear on screen as displayed in Screenshot
22.1.2. Click on Computers tab. You will have list of computers displayed on the screen. Click
on Select All button located on right panel. The following screen will appear:
Now, if you click the Delete button, you will be prompted with the window shown in
Screenshot 22.3 for deleting all users. You can deselect a user by using the CTRL key.
3.4 Drive Access
Server Selection:
Servers: An administrator can link a user to one or more servers. Refer to
screenshot 21.2. In the Select Server popup menu you have a list of servers. Here, on the right
side of the popup menu, three small buttons are located. These buttons are for managing
servers (Add, Update, Delete button). An administrator can add a server by clicking on the
Add button. Once the Add button is clicked, you will get the Add Server window displayed as
below:
Map Drives: A drive can be mapped by an administrator to give a user access to save
and share his/her data on a defined server. Refer to screenshot 21.2. In the Map Drive popup
menu you have a list of drive names. Here, on the right side of the popup menu, three small
buttons are located. These buttons are for mapping drives (Add, Update, Delete button).
An administrator can map a drive to give a user access to save data on mapped drives.
Once the Add button is clicked, you will get the Add Drive window displayed as below:
Once all the properties are entered and saved for all the fields described in topic 21.2 Adding
User, an administrator can save these parameters by clicking on Save button. If he/she wishes to
abandon the entered value, he/she can use Cancel button.
B. VPN Configuration
VPN Server is an inbuilt feature of BLACKbox and does not require any other licenses.
Snap2 :
Snap3 :
Snap4 :
Snap5:
C. Apply/Restore Policy:
If it is checked then the following functions will be denied for the user’s access:
D. Access.Controller / Permission.Manager Profile
Screenshot 3.1 shows the file.trail drive. Users have to work on specified network
locations / folders, for which a Duplicate File Report can be generated and a record of who
deleted what can be instantly retrieved.
Screenshot 3.3: BLACKbox permission.manager
Screenshot 3.5: BLACKbox permission.manager, in which read / write restrictions can be
applied to users.
E. Active Recycle Bin
This profile is called recycle.bin. It provides an active recycle bin that is used to recover data
from the BLACKbox recycle bin. No data is scattered on desktops, laptops or servers; it is
force-centralized on BLACKbox only. Users have no choice of where to save data: they can
store data only on BLACKbox. Deleted data can therefore be instantly restored from the
BLACKbox Active Recycle Bin.
Screenshot – 1.1
Screenshot – 1.2
Screenshot – 1.3
Screenshot - 1.4
BLACKbox Prime Server
Backup Configuration
F. Backup Module
(To be used for Automatic Data Backup)
BLACKbox provides a feature to set the data environment in such a way that an automatic
backup can be configured. This backup can be of various natures, viz. full backup, incremental
backup, daily backup etc.
Backup
Double click on BLACKbox Prime shortcut available on desktop. Once the administrator is
authenticated, the following screen will appear:
Double click on Backup icon of server console. The following screen will be displayed.
Let us understand backup server console screen.
On top of the screen, there are three tabs namely Backups, Drives and Install. Hence Backups tab
will be a default tab selected at the time of invoking Backup feature of BLACKbox. Under the
tab there is a title “Manage Backup Schedule”. Under this heading you will find a table with five
columns viz. Title, Status, Version, Recur, Next Run Time. In the upper right corner you will
find four buttons located vertically. They are Add, Edit, Delete and Select All.
Refer to topic 23.1. Invoke Server console and click on Backup icon. Refer to screenshot 23.1.2.
Click on Add button. The Add Backup window will appear on your screen as below:
Let us understand each field, popup menus and small icons along with their functions.
Title: Enter the value of the backup title. It is convention to use the ‘name of the
user_backup’ – example: user1_daily backup.
Version: Enter the number of versions to be taken as backup. If ‘7’ is entered here the
BLACKbox will create 7 versions of backup and on 8th version the 1st version will be
overwritten. Thus on given date there will be last 7 versions of backup available for
restore.
Trigger: It has three small icons viz. Add, Update and Delete to manage the triggers.
Refer to the Add Trigger window displayed below:
Trigger: It is a popup menu with the list of values available for selection of type of
backup. Currently Daily trigger is selected which ensures daily backup.
Start: This field gives date selection window and time selection popup menu. The
default date is current date. Administrator can select future date also to schedule the
backup. The time is selected as 20 hours i.e. 8 PM. It means that the daily backup will
start from the selected date at 8 PM.
Recur Every ___ Days: Administrator has to enter 1 here in the text box to ensure that
the recurrence of backup is after every one day i.e. daily. If you wish to take weekly
backup you can enter 7 here. That will ensure that after 7 days the recurrence of
backup will occur.
Enabled: It is a checkbox. If it is checked then the backup is enabled. If administrator
wants to discontinue the automatic backup he/she will uncheck this checkbox.
Save button: It will help you saving the values and parameters entered in this window.
Cancel button: Click on Cancel button and Add Trigger window will disappear
without saving the parameters.
Folders: The folders which are to be backed up are listed here. We have three small icons
viz. Add, Update and Delete to manage folders. Refer to Add Folder window displayed
below:
Source: This text box has a Browse button. Administrator can click on this button and
browse for the folder to be selected. Once selected the folder name will appear in the
table located under Folder prompt. To add more than one folder repeat the Add folder
process again and in the table you will have two folders displayed. The sourced
folders will be backed up as per selected triggers and parameters mentioned in this
window.
Destination: This text box has Browse button. Select the destination where you want
to store the backed up folders. The destination can be any available storage media in
network.
Type: This field has a popup menu with two values viz. Incremental and Full.
Administrator can select one type of backup as per the decided policy.
Enabled: It is a checkbox. If it is checked then the backup of the selected folder is
enabled. If administrator wants to discontinue the automatic backup he/she will
uncheck this checkbox.
Save button: It will help you saving the values and parameters entered in this window.
Cancel button: Click on Cancel button and Add Folder window will disappear
without saving the parameters.
Report Details – Click here button: As the backup information is automatically reported
to the concerned authority there is a need to configure SMTP parameters and email
addresses. This field helps in doing the same. Refer to the Details screen pasted below:
Send Report on IDs: Enter the email IDs, separated by commas, to which an administrator
wants to mail the backup report.
Email ID: User’s email Id whose backup is taken.
SMTP host: IP address of SMTP host server.
SMTP port: port number of SMTP host server.
Authentication: It has two values – True and False.
Username: Username for SMTP server authentication.
Password: Password for SMTP server authentication.
SSL: Whether the SMTP server uses Secure Sockets Layer (SSL) (True/False).
To save the values entered in the Details dialog box, click on Save button.
Cancel Button: Used to leave window without saving the parameters.
Save Button: To save the values entered in the Details dialog box. Once saved, one
backup schedule is added.
Cancel Button: Used to leave window without saving the parameters.
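The Version and Recur Every ___ Days fields together decide how far back a restore can reach, which matters when a deletion or corruption is noticed late. The following Python model is an added example, not BLACKbox code: it applies the rotation rule described above (the run after the last version overwrites the 1st), assumes every scheduled run succeeds, ignores the Full / Incremental type, and uses constructed names (Schedule, restore_points, latest_point_before) and constructed dates.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Schedule:
    """Fields mirror the Add Backup / Add Trigger windows (names are illustrative)."""
    title: str
    versions: int          # "Version": number of backup versions kept
    start: datetime        # "Start": date and time of the first run
    recur_days: int        # "Recur Every ___ Days"
    enabled: bool = True   # "Enabled" checkbox

    def __post_init__(self) -> None:
        if self.versions < 1 or self.recur_days < 1:
            raise ValueError("versions and recur_days must be at least 1")


def run_times(s: Schedule, now: datetime) -> List[datetime]:
    """Start times of every run triggered up to `now` (assumes none failed)."""
    if not s.enabled or now < s.start:
        return []
    step = timedelta(days=s.recur_days)
    count = (now - s.start) // step + 1
    return [s.start + i * step for i in range(count)]


def restore_points(s: Schedule, now: datetime) -> Dict[int, datetime]:
    """Map each version slot (1..versions) to the run currently stored in it.

    Run number versions+1 lands in slot 1 again and overwrites what was there.
    """
    slots: Dict[int, datetime] = {}
    for i, taken_at in enumerate(run_times(s, now)):
        slots[i % s.versions + 1] = taken_at
    return slots


def latest_point_before(s: Schedule, now: datetime,
                        incident: datetime) -> Optional[datetime]:
    """Newest surviving version taken before `incident`, or None if rotated out."""
    usable = [t for t in restore_points(s, now).values() if t < incident]
    return max(usable) if usable else None


if __name__ == "__main__":
    # Constructed sample: daily backup at 8 PM, 7 versions, as in the field text.
    daily = Schedule("user1_daily backup", versions=7,
                     start=datetime(2021, 4, 1, 20), recur_days=1)
    now = datetime(2021, 4, 8, 21)           # one hour after the 8th run
    for slot, taken_at in sorted(restore_points(daily, now).items()):
        print(f"version {slot}: {taken_at:%Y-%m-%d %H:%M}")

    # A file damaged late on 1 April and noticed a week later is already gone:
    print(latest_point_before(daily, now, datetime(2021, 4, 1, 22)))

    # The same 7 versions with a weekly trigger reach back about seven weeks.
    weekly = Schedule("user1_weekly backup", versions=7,
                      start=datetime(2021, 4, 1, 20), recur_days=7)
    print(min(restore_points(weekly, datetime(2021, 5, 27, 21)).values()))
```

Choose Version so that Version multiplied by the recurrence in days exceeds the longest time a deletion or corruption could go unnoticed.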
23.3 Editing Backup Schedule
Let us understand how a user can edit backup schedule.
Refer to topic 23.1. Invoke Server console and click on Backup icon. Refer to screenshot 23.1.2.
Select a record from the scheduled backup table. In the screenshot “Vishal Sir’s Laptop Backup”
is selected. Now click on Edit button. The following screen will appear:
The screen shows the value of parameters defined for title “Vishal Sir’s Laptop Backup”. We
have already explained all the parameters in topic 23.2 Adding Backup Schedule; hence we will
avoid repeating them again. Refer to those parameters and change the values, or edit/delete the
selected properties using the small icons beside the fields, to provide the necessary
parameters for the backup schedule and type of backup. Report Details can also be changed if
required by clicking the Click Here tab at the right-hand side of Report Details, which opens
the Details window.
Refer to topic 23.1. Invoke Server console and click on Backup icon. Refer to screenshot 23.1.2.
Select a record from the scheduled backup table. In the screenshot “Niket’s Email Data Backup”
is selected. Now click on Delete button. The following screen will appear:
Click on Yes button and “Niket’s Email Data Backup” schedule will be deleted. Click on No
button or Cancel button and you will go back to Backup Server Console.
This feature is provided for operation to be performed on all backup schedules. Normally it is
used for bulk deleting.
Let us understand how a user can select all rows of backup schedule.
Refer to topic 23.1. Invoke Server console and click on Backup icon. Refer to screenshot 23.1.2
– Backup Server Console. Click on Select All button. The following screen will appear:
Backup Server Console
The latest version of BLACKbox consists of server side installation process and client side
installation process to observe the Mapping of Drives from another Hardware or Hard drive.
Double click on the BLACKbox Prime shortcut available on the desktop. Once the administrator is
authenticated, the following screen will appear:
Double click on Backup icon of server console. ‘Backups’ is the default tab selected.
Screenshot 24.1.1:
Once he/she clicks on the Server tab the following screen will appear:
The Server tab, available in the Backup server console, is needed for adding servers where
backup is taken from authentication.
A single click on Add Server opens the window shown below.
Let us understand add / edit server.
Screenshot 24.2.1:
A single click on Backup logs opens the window shown below.
Backup Logs
Screenshot 24.2.2:
Here in screenshot, you can see the backup logs scheduled for full / Incremental backup.
Logs of Mail
Screenshot 24.2.2:
Screenshot 24.2.2 shows the logs of backup reports in columns for backup, time, mail To, sent
At and status.
H. Understanding of Backup Report of BLACKbox
The subject line displays the Title mentioned in the backup console, which is the heading for
the backup.
Backup ID: Each backup title is assigned one backup ID for each and every backup task scheduled.
File copied / data copied are the number of files copied and the size of those files since the
last successful backup.
Drive information shows the local and network disk information of the computers associated
with the backup task. Local and network drive free space appears here disk wise.
Backup type: there are two types of backup, Full and Incremental.
Full backup - it copies the total data from the source folder to the destination folder.
Total File copied / Total data copied are the number of files copied and the size of those
files since the last successful backup.
I. Understanding of Backup Report of DCDR
Computer: The computer name of the user whose DCDR backup is set.
Last update: days since backup was successfully done. 0 days and certain hours mean backup is
happening daily and successfully.
Stage: Completed means backup is completed. Backup means that at the time of the report backup
was in progress. Checking for upgrade means that at the time of reporting backup was counting
updated files. Compressing means that at the time of reporting data was being compressed before
sending to the data center.
Changed files, changed data are the number of files changed and the size of those files since
the last successful backup.
Data sent means data sent to the data center at the time of reporting since the last successful backup.
Data stored means the size of data stored on the data center for the respective device.
J. Configuration of Vault and Workspace
Implementation of Data Leakage Part / Data Theft Prevention
Data leakage can happen through USB, email and Internet. We look at the USB part first.
There are three options available in the list of the values i.e.
READ and WRITE.
USB Reports
12. To save the values entered in the Details dialog box, click on Save button.
13. Cancel Button: Used to leave window without saving the parameters.
To save the values entered in the Edit Computer dialog box, click on Save button.
Cancel Button: Used to leave window without saving the parameters.
L. E Mail Configuration
With emails becoming one of the most important mediums for communication within the
organization and outside it, it is becoming necessary to provide email accounts to the employees
of an organization with appropriate privileges. It is also inevitable to keep vigilance on incoming
and outgoing mails for various reasons best known to the business people. This goal can be
achieved by using ‘Mail Users’ feature of BLACKbox Prime Server Mail Server.
When we talk of mail users we have to understand that users are the end users who will
send/receive mails through Mail Client like outlook, Eudora, etc. All the users created through
‘Mail Users’ feature should also be created in respective mail client with same user and
password.
Mail Users tab of BLACKbox Prime Server mail server can perform following operations:
Invoke BLACKbox Control Centre by double clicking on BLACKbox short cut icon. The
control centre will appear on screen. (Screenshot – 4.1)
Mail Server Console window will open once the user clicks on the Mail Server button in BLACKbox
Prime Server control centre. Click on Mail Users tab. (Screenshot – 4.2)
Check the tabs on top of the screenshot 4.2. Mail Users tab is currently in use. Mail Users Tab is
used to add and manage mail users’ account on Mail Server.
Add new Mail User to Mail Server by clicking Add Mail User button.
Edit existing Mail User of Mail Server by clicking Update Mail User button.
Delete existing Mail User of Mail Server by clicking Delete Mail User button.
Add/Update footer, popularly known as ‘Signature’ by clicking Add/Update Footer
button.
Keep vigilance on Mail Users when needed.
Manage User Groups.
Let us start understanding how to create a new mail user.
Following Inputs are needed to be given for creating new users. Inputs marked with * are
compulsory fields while others are Optional fields.
Before moving ahead with other fields let us try to understand how the User Groups are managed
using following screenshot:
Along with mail users, user groups are also managed by Mail Users tab of BLACKbox Prime
Server mail server. A mail user can be assigned to a group.
To add Group, an administrator has to click on Add Button. Prompt will be displayed. Specify
Group Name and Email Id for Group. Then click on OK button. It is mandatory to specify both
Name and Email for Group.
To update Group, an administrator has to select any group from the list of groups. Then click on
Update button. Prompt will be displayed. Group name cannot be updated. Only Email Id for that
Group can be updated.
Remove Group
To Remove Group(s) select one or more Groups from list then click on Remove button.
If user is added to any Group then it will automatically be added to Distribution List for that
Group. An entry will be generated in the Distribution List.
Note: If an administrator removes any Group from the list of groups, all references added to that
Group will also be deleted. Entry in Distribution List for that Group will also be deleted.
We continue our description regarding creating mail users, from where we left at the end of
section 12.2. Now we describe other fields which are used to create mail user on BLACKbox
Prime Server mail server.
Forward Local Mail of User [Optional]: Specify comma separated email-ids or local
username to whom you want to forward local mail received by this user.
External Mail Sending Policy [Selective]:
By default, user specified in Local Mail user can send mail to any domain i.e.
whole world.
If radio button Local Users Only is selected then user will be able to send mails to
local users only.
If radio button Comma Separated List is selected then the user will be able to send
mails to the email-ids mentioned in comma separated list only.
Restrict Bcc Mails [Optional]: Bcc is a Blind Carbon Copy mail. An administrator can
apply vigilance rules and intercept mails sent by mail user using Bcc option.
By default the user specified in Local Mail user will not be restricted to send Bcc mails.
If an administrator checks the checkbox for this option then he/she also needs to
specify email-address of person, to whom copy of the mail should be sent, in case
this user sends mail as Bcc. This field contains two Options (displayed as radio
buttons): 1) Allow Bcc with Report, and 2) Deny Bcc with Report.
If Allow Bcc with Report radio button is selected then user will be able to
send Bcc mail but copy of this mail will also be sent to specified email
address.
If Deny Bcc with report radio button is selected then Bcc mail will not be
sent, only report will be sent to specified email address.
Restrict User E-mails with attachment [Optional]: There is a checkbox available with
‘Restrict Attachment’ field. An administrator may restrict mail user sending mail with
attachments by checking the checkbox. This field contains two options: 1) Allow Mail with
attachment, and 2) Deny Mail with attachment. Thus, if this user sends mail with an attachment,
he/she will be able to send the mail but it will not be delivered to the intended recipients.
The user will think that the mail is delivered, but it will actually be placed in a folder which
can be seen by the administrator only. Each of these radio buttons has two options: 1) All, and 2)
With Extension or/and more than Size in KB.
Figure – 4.5 Attachment restrictions
If Allow Mail is selected, then restricted attachments will be removed from mail
and mail will be sent.
If Deny mail is selected, then mail will not be sent. It will bounce back to the user.
If an administrator requires a Secure Sockets Layer (SSL) connection then the ‘Is SSL’
checkbox should be checked.
If an administrator requires Transport Layer Security (TLS) then ‘Is TLS’
checkbox should be checked.
If relay IP is added for mail user then user will be authenticated by this username.
Otherwise user will be authenticated by default SMTP server settings.
If ‘Pop Authentication Required’ checkbox is checked then an administrator has
to specify Server and Port number for Authentication. It must be checked
when you have enabled the Pop before SMTP option (refer to Chapter 16 - SMTP
settings).
To remove mail users, select mail user from the Local Mail User Combo of Mail User tab. After
selecting users, click Delete Mail User button (refer to Screenshot - 4.2). A confirmation window
will appear on clicking Delete Mail User button. Click Yes, if you want to delete this user. After
deletion, this user will not appear in Mail User List table and will not be allowed for sending and
receiving mail through BLACKbox Prime Server Mail Server.
Existing Mail Users can be updated in a similar way as explained in sections 4.1, 4.2 and 4.3 of
this chapter. An administrator has to select an existing user from the Local Mail User Combo of
Mail User tab. The Update Mail User button is provided to update the user.
Mail Users tab of BLACKbox Prime Server mail server provides feature to manage footer
customized for each mail user. Refer to Screenshot –4.4
Screenshot – 4.4
55
Use following steps to manage footer:
Top of document
56
M. POP Users
POP is an abbreviation of Post Office Protocol. It is a protocol used by mail clients to download
messages from a mail server on the Internet.
A user may have an email account provided free by a mail service provider. Well-known mail
service providers are Google (Gmail), MSN (Hotmail, Live), Yahoo, etc. Alternatively, an organization
may have its own domain along with a mailing facility, and users of this organization are provided
with email accounts on its domain.
In Chapter 1 we learnt about local mail users. Local mail users must have a POP user account.
Let us take an example and understand the scenario.
Using BLACKbox Prime Server mail server, an administrator can manage POP users, whose
messages are downloaded from a remote mail server on the Internet and then distributed locally as
per the mapping list prepared while managing the Mail Users tab.
Let us understand in depth how POP users are managed on BLACKbox Prime Server Mail
Server. We will also use screenshots as and when required.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 13.1)
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on the Mail Users tab. (Screenshot – 13.2)
BLACKbox Prime Server Internet Server has a PopUser tab to create, remove and/or configure
POP users.
First, let us understand how to create a POP user. Click the Add button to create a POP user. The
following screen will appear:
To add a new POP user, fill in the form with the information provided by your mail solution
provider.
The first three fields, viz. Pop User, Email_ID and Password, are self-explanatory. Specify
the POP username, the email address of the POP user and the password.
In this form, Default User is the user, created from the user list, who will receive mail if no
email-id in the distribution table matches the recipient’s email-id in the downloaded mail. (To
learn more about Distribution List refer to Chapter 5.) Select the default user. It can be
configured as per organization policy.
Specify the IP address of the POP server in the POP Server field and the port number in the POP Port
field. Normally they are provided by the mail solution provider.
If you want to connect to Gmail or a Gmail-like mail server over an SSL connection, check
the Secure Connection checkbox and provide the POP3 port for that mail server.
E.g. some mail servers require connections on port 995 for SSL. By
default, an administrator should specify port number 110.
To keep a copy of mail on the remote server, check the Keep Mail Copy checkbox.
Select the duration, in number of days, for keeping copies of mails on the remote server.
If the Ignore Distribution checkbox is checked, the distribution list will not be considered
and mail is delivered directly to the default user.
Note: Uncheck the Keep Mail Copy checkbox to optimize storage on the remote server. If the
mailbox on the remote server grows beyond its size limit, the remote server may stop receiving new
mails for that POP account.
The PopUser tab screen will look like the following screenshot once the new POP user testing is added
to the mail server.
Screenshot – 13.4 Mail Server Console (PopUser Tab with New Added POP user)
13.2 Removing Existing POP User
BLACKbox Prime Server mail server provides a facility to remove (delete) existing POP user(s).
Screenshot 13.5
Select POP users from the list of email-ids provided in the text box located above the three
buttons, namely ‘Configure’, ‘Add’, and ‘Remove’. In Screenshot – 13.5, POP user testing
is selected.
Select multiple users by holding the CTRL key.
Click the Remove button and the selected POP user(s) will be removed from the mail server.
BLACKbox Prime Server mail server provides a facility to configure existing POP user(s).
Screenshot 13.6
Select POP users from the list of email-ids provided in the text box located above the three
buttons, namely ‘Configure’, ‘Add’, and ‘Remove’. In Screenshot – 13.6.
Click on the ‘Configure’ button and a new window, Edit POP Users, will be displayed. Refer to
Screenshot 13.7.
An administrator can edit the settings of an existing POP user here. After editing the POP user
account, click on the Save button. Thus the properties of existing POP users are configured
using the Configure button of the PopUser tab.
Distribution List
Distribution List tab of BLACKbox Prime Server mail server can perform following
operations:
We have already described the features for managing local mail users using the Mail Users tab of
BLACKbox Prime Server mail server console (refer to Chapter 12). We have also explained
what Post Office Protocol is and how POP users are managed on BLACKbox Prime Server mail
server (refer to Chapter 13). The most important thing when binding POP users to their
appropriate local mail users’ accounts is to define rules as per the constraints and policy of
the organization provided to the mail server administrator, so as to enable proper distribution of
mails received and proper delivery of mails sent. Let us understand these rules, which are
common to almost all organizations.
Rules: To define rules and apply them to users, it is also important to understand from
where and how the local users will be accessing their received mails and how they will be
sending their mails. There are two possibilities: 1) some users access their mails sitting in the
office only, so their computing devices will be on the local area network, and 2) some users are
entrusted with field duties, so they may access their mails from outside the office.
Scenario 1 will have two options: 1) the user uses a single machine or 2) the user uses more than one
machine on the local area network.
Scenario 2 will have two options: 1) the user uses a laptop and/or 2) the user uses a cybercafé or other
means to access their mail.
All these possibilities are managed by BLACKbox Prime Server mail server using the Distribution
List feature. Let us try to understand the same.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 14.1)
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on the Distribution List tab. (Screenshot – 14.2)
Screenshot – 14.1 BLACKbox Control Centre
Under the row of the Distribution List tab, two tabs are seen, i.e. Recipient Distribution and Sender
Distribution. By default the Recipient Distribution tab is selected. Let us understand how
mails are distributed by giving an example.
The distribution list contains the information the Mail Server uses to distribute mail to end users
depending on their email-id. For example, suppose user SYSTEM sends mail to
general@enewhorizons.net; the distribution list determines which users this mail is
delivered to.
Screenshot – 14.2 shows Distribution List tab selected and under this tab, Recipient Distribution
tab is selected. In this tab, the Distribution Table shows the email-id general@enewhorizons.net,
which is mapped to local mail users apporv.shah,
An email-id can be mapped to a single mail user or to multiple mail users depending on the
organization’s policy.
Caution:
Improper distribution, made without knowledge of the intended purpose, may disclose secret
information to unintended users.
Every user’s email-id must be mapped to the respective user or users. If a user is not mapped
to any email-id, that user will not receive any emails.
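The following Python example is added here and is not BLACKbox code. It models the Default User fallback and the Ignore Distribution option described in this manual, and audits a distribution table for the problems named in the Caution above. The table layout, the function names, case-insensitive matching and every user other than apporv.shah are assumptions.

```python
"""Added example: audit a recipient distribution table (constructed data)."""


def normalise(email_id):
    # Assumption: email-ids are compared case-insensitively, ignoring stray spaces.
    return email_id.strip().lower()


def resolve_recipients(email_id, table, default_user, ignore_distribution=False):
    """Local users who receive a downloaded mail addressed to email_id."""
    if ignore_distribution:
        return [default_user]       # Ignore Distribution: straight to the Default User
    users = table.get(normalise(email_id))
    if not users:
        return [default_user]       # no matching entry: the Default User receives it
    return sorted(users)


def audit_distribution(table, local_users, default_user, max_fanout=2):
    """Return sorted (finding, subject) pairs an administrator should review."""
    findings = []
    mapped = set()
    for email_id, users in table.items():
        mapped.update(users)
        # A mapping to a name that is not in the local mail user list needs review.
        for user in sorted(users - local_users):
            findings.append(("unknown-user", f"{email_id} -> {user}"))
        # Wide mappings are where unintended disclosure (the Caution) comes from.
        if len(users) > max_fanout:
            findings.append(("wide-fanout", email_id))
    for user in sorted(local_users - mapped):
        # An unmapped user receives nothing, unless it is the catch-all Default User.
        kind = "default-only" if user == default_user else "unmapped-user"
        findings.append((kind, user))
    return sorted(findings)


# Constructed sample. Only general@enewhorizons.net -> apporv.shah comes from the manual.
LOCAL_USERS = {"apporv.shah", "user.a", "user.b", "user.c", "user.d"}
DEFAULT_USER = "user.c"
TABLE = {
    "general@enewhorizons.net": {"apporv.shah"},
    "sales@example.com": {"apporv.shah", "user.a", "user.b"},
    "old@example.com": {"user.z"},          # user.z is not in LOCAL_USERS
}

if __name__ == "__main__":
    for finding in audit_distribution(TABLE, LOCAL_USERS, DEFAULT_USER):
        print(*finding, sep=": ")
    print(resolve_recipients("unknown@example.com", TABLE, DEFAULT_USER))
```

The max_fanout threshold is a review trigger chosen for this example, not a product setting.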
Recipient Distribution:
When mail is sent to an Email-Id added in this list, the distribution list for that Email-Id
determines which users the mail is delivered to.
Sender Distribution:
When mail is sent by an Email-Id added in this list, the distribution list for that Email-Id
determines which users the mail is delivered to.
Screenshot – 5.1 displays the Recipient Distribution list. Let us have a look at the Sender Distribution
list. Refer to the following screenshot.
14.2 Add Email-Id to Distribution List
Let us understand how an Email-Id is added to both Distribution Lists – Recipient and Sender.
Refer to Screenshot 14.2 and Screenshot 14.3.
To add an entry to a distribution list, type the email-id next to the “Email_ID” label in the Add
Distribution panel.
Then select the user to be mapped to the added email-id. An administrator can select the user from
the Select User list displayed in the Add Distribution panel.
Multiple users can be selected by holding the CTRL key. After specifying the email-id and selecting
users, click the Add Entry button. The new entry will now appear in the Distribution Table.
Let us understand how an Email-Id is removed from both Distribution Lists – Recipient and
Sender. Refer to Screenshot 14.2 and Screenshot 14.3.
To remove an email-id from a Distribution List, select email-ids from the Current Email-Id List
available in the Remove Distribution panel.
To select multiple entries, hold the CTRL key while selecting email-ids. After selecting email-ids,
click on the Delete Entry button. When asked for confirmation, click the Yes button if you want to
delete the selected email-ids, or click the No button or Cancel button if you don’t want to delete
them. The email-id will then be removed from the distribution table along with its mapping
list.
Application Settings
The Application Settings feature of BLACKbox Prime Server mail server helps
configure the properties of the following fields:
Path of the POP root directory where all users’ inbox directories will be created.
Path of the SMTP root directory where all emails will be stored before delivery
to the respective recipients.
Path of the directory where all messages delivered to local users will be placed
and used as a backup.
Period during which mail is not allowed to be delivered if it exceeds the size
limit specified in the Message Size Limit property in the SMTP Settings tab (refer to
Chapter 16).
Path of the directory where all messages restricted by the Bcc filter or SMTP filter
will be placed.
Application
BLACKbox Prime Server mail server is application software. The mail server administrator needs to
configure default directories such as the POP and SMTP root directories, the common directory where all
users’ emails are stored as backup, the directory where all messages restricted by the Bcc filter or
SMTP filter will be placed, etc., specifying their properties. This is to be done immediately after
installation of BLACKbox Prime Server mail server. This task is performed using the Application
Settings tab.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 15.1)
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on the Application Settings tab. (Screenshot – 15.2)
Properties related to the SMTP directory path, user directory, common out directory, etc. are set in
this tab.
POP3 Root Directory: Specify the path of the directory where all users’ inbox directories will be
created. This property should be the same as the directory path specified for POP3 Root
Directory in the Pop Settings tab (refer to Chapter 17).
SMTP Root Directory: Specify the path of the directory where all mails will be stored before
delivery to the respective recipients.
Common All Directory: Specify the path of the directory where all messages delivered to local
users will be placed. Its purpose is to keep a backup of mails. This will be enabled only if the
Common Entry property is enabled in the SMTP Settings tab (refer to Chapter 16).
Heavy Message Restriction Period: The value in this field indicates the period during which
mail is not allowed to be delivered if it exceeds the size limit specified in the Message Size
Limit property in the SMTP Settings tab (refer to Chapter 16). The period should be given in 24-hour
“hh:mm-hh:mm” clock format only.
Mail Restricted Directory: Specify the path of the directory where all messages restricted by the
Bcc filter or SMTP filter will be placed. Mail with attachment restriction will also be
placed in another folder.
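The Heavy Message Restriction Period rule can be checked before a value is saved. The Python example below is added here and is not BLACKbox code: it validates the “hh:mm-hh:mm” format and decides whether a message over the Message Size Limit would be held at a given time. The function names, the inclusive start and exclusive end of the period, periods that wrap past midnight, and 1 MB = 1024 * 1024 bytes are assumptions.

```python
"""Added example: Heavy Message Restriction Period check (assumed semantics)."""
import re
from datetime import time

# hh:mm-hh:mm, 24-hour clock, both times zero-padded (the format the manual requires).
_PERIOD = re.compile(r"([01][0-9]|2[0-3]):([0-5][0-9])-([01][0-9]|2[0-3]):([0-5][0-9])")


def parse_period(text):
    """Parse 'hh:mm-hh:mm' into a (start, end) pair of datetime.time values."""
    match = _PERIOD.fullmatch(text.strip())
    if match is None:
        raise ValueError(f"not a 24-hour hh:mm-hh:mm period: {text!r}")
    h1, m1, h2, m2 = (int(part) for part in match.groups())
    return time(h1, m1), time(h2, m2)


def in_period(now, period):
    """True if now falls inside the period (start inclusive, end exclusive)."""
    start, end = period
    if start <= end:
        return start <= now < end
    # Assumption: a period such as 22:00-06:00 wraps past midnight.
    return now >= start or now < end


def should_hold(size_bytes, now, limit_mb, period_text):
    """Hold a message only if it exceeds the limit AND arrives inside the period."""
    period = parse_period(period_text)      # validate even when the message is small
    over_limit = size_bytes > limit_mb * 1024 * 1024   # assumption: binary megabytes
    return over_limit and in_period(now, period)


def minutes_until_release(now, period):
    """Whole minutes from now until the period ends; 0 if now is outside it."""
    if not in_period(now, period):
        return 0
    end_min = period[1].hour * 60 + period[1].minute
    now_min = now.hour * 60 + now.minute
    return (end_min - now_min) % (24 * 60)


if __name__ == "__main__":
    six_mb = 6 * 1024 * 1024
    print(should_hold(six_mb, time(10, 15), 5, "09:00-18:00"))
    print(minutes_until_release(time(23, 30), parse_period("22:00-06:00")))
```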
Click the Save Settings button to save the new changes. After the settings are saved successfully, a
pop-up window will appear as under:
SMTP Settings
The SMTP Settings feature of BLACKbox Prime Server mail server helps
configure the properties of the following fields:
SMTP port number where the mail server will listen for SMTP requests.
POP3 port number where the mail server will listen for POP3 requests.
Number of listeners for handling new mail send requests.
Number of sender threads that will listen for delivering mail from the mail
server inbox.
Maximum size limit of mail during high load on the mail server.
Interval period in seconds after which the mail server will look for new messages
in the SMTP directory path.
Delivery threshold, which indicates the number of times a mail should be resent on
failure before bouncing.
Local domain name.
SMTP Server IP address for delivering mail to remote users.
SMTP Server port number of the remote mail server for delivering mail to
remote users.
Remote Server username and password.
IP address from which the mail server can receive mail.
Time range in which the user should be authenticated.
Enable the Common Entry option if you want to keep mail in the common directory
path specified in the Application Settings tab (refer to Chapter 15).
Enable the SMTP Filter option if you want to apply the SMTP Filter, Bcc Filter
and attachment restriction filter; otherwise keep this option disabled.
SMTP
It is an abbreviation of Simple Mail Transfer Protocol, a protocol for sending e-mail messages
between servers. Most e-mail systems that send mail over the Internet use SMTP to send
messages from one server to another.
BLACKbox Prime Server mail server has an SMTP Settings feature through which an administrator
can configure the properties of various fields.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 16.1)
Screenshot – 16.1 BLACKbox Control Centre
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on the SMTP Settings tab. (Screenshot – 16.2)
Screenshot – 16.2 Mail Server Console (SMTP Settings Tab – Top View)
SMTP Port: Specify the port where the mail server will listen for SMTP requests.
POP3 Port: Specify the port number where the mail server will listen for POP3 requests.
SMTP request Listeners: Number of listeners for handling new mail send requests.
Sender Thread: Number of sender threads that will listen for delivering mail from the mail
server inbox. A larger number of sender threads uses significantly more processing power but
increases the speed of delivery when many mails arrive at the same time.
Message Size Limit (in MB) during High Load: Maximum limit in MB for delivering
mail to local users or remote users. Mail will be restricted only if it exceeds this limit and
is received during the period specified in the Application Settings tab.
SMTP delivery Interval in Seconds: Indicates the interval in seconds after which the mail
server will look for new messages in the SMTP directory path specified in the Application
Settings tab (refer to Chapter 6).
Delivery Threshold: Indicates the number of times a mail should be resent on failure before
bouncing. E.g. if Delivery Threshold is 2 and the mail is not sent to the intended users in the first
attempt due to connection or resource failure, the Mail Server will try to send that
mail again after 2 minutes; if that fails, the mail server will try to resend the mail after 4
minutes; and if that fails again, the mail will be bounced back to the user who sent it. If
Delivery Threshold is set to 10 then the mail will be bounced after 10 attempts within 17
hours.
Local Domain Name: Specify any local domain, e.g. Synersoft.in.
Default SMTP Server: Specify the SMTP Server IP address for delivering mail to remote
users.
Default Server Port: Specify the SMTP Server port number of the remote mail server for
delivering mail to remote users.
Server Username: Specify the Remote Server username for authentication.
Server Password: Specify the Remote Server password for authentication.
Relay IP address: Specify the IP address from which the mail server can receive mail. It can be
specified as 192.168.0.* to include the entire range of IP addresses of the 192.168.0 series.
POP Before SMTP: Enable this property using the Enable radio button if the administrator
wants to specify POP Before SMTP Timeout in Seconds.
POP Before SMTP Timeout in Seconds: Specify in this property the time range in which
the user should be authenticated.
Relay Mail from Address: Specify a comma-separated list of “from” addresses that can
send mail. (Not recommended, as the From identity can be changed easily in email clients
such as Outlook Express.)
Common Entry: Enable this option using the Enable radio button if you want to keep
mail in the common directory path specified in the Application Settings tab (refer to Chapter 3
and Chapter 6).
SMTP Filter: Enable this option if you want to apply the SMTP Filter, Bcc Filter, and
attachment restriction filter; otherwise keep this option disabled.
Click on the Save Settings button. After the settings are saved successfully, a pop-up window will
appear as under:
Figure - 16.1
Click OK.
POP Settings
The POP Settings feature of BLACKbox Prime Server mail server helps configure
the properties of the following fields:
POP
It is an abbreviation of Post Office Protocol. It is a protocol used to retrieve e-mail from a mail
server.
BLACKbox Prime Server mail server provides a POP Settings feature through which an
administrator can configure the properties of various fields.
Let us try to understand each field of the POP Settings tab in detail.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 17.1)
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on the POP Settings tab. (Screenshot – 17.2)
Screenshot – 17.2 Mail Server Console (POP Settings Tab)
Mail download Interval in Seconds: The Mail Server will download new messages at
the time interval specified in this property. The time interval is in seconds.
POP3 Port: Specify the POP3 port number. Normally it is 110.
POP3 Common Directory: Specify the name of the directory where all mails will be stored
after delivery to the respective users. Its purpose is to keep a backup of mail on the mail
server. Use the Browse button to specify the path and directory.
Common Entry: Enable this option using the Enable radio button if you want to keep
a mail copy in the common folder at the path specified in POP3 Common Directory in the Pop
Settings tab.
Max Message Size in MB: Specify the maximum message size in MB.
Heavy Message Restriction Period: If a message exceeds the size limit and would be
downloaded during the period specified in this property, the message will not be
downloaded until the period expires.
An administrator can add headers to mails. To add a header, click on the Add Header button. The Add
Header window will open. (Screenshot 17.3)
Note: If a header is added, the mail header is also parsed for the headers added in this field to get
recipient email Ids.
To save POP settings, click the Save Settings button (refer to Screenshot – 8.1). A pop-up window will
appear as shown in Figure – 17.1, which indicates that the new settings were updated successfully.
Figure – 17.1
Click OK.
Monitoring Activities on Mail Server
It is necessary for the mail server administrator to periodically monitor the activities of the mail
users of an organization. The Monitor window provides a facility for monitoring the activities going
on in BLACKbox Prime Server mail server.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 18.1)
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on the Monitor tab. (Screenshot – 18.2)
The console is provided with a Monitor tab that refreshes its information every half minute.
Let us explain the window, which monitors mail users’ inboxes and SMTP queues.
SMTP Queue indicates the number of messages in the folder located at the SMTP directory path
and the total size of all messages in bytes.
Messages in Failed Directory indicates the number of messages that could not be bounced.
Managing Log
Log
It is necessary to have a log which stores information about all the activities of the mail server. The
log enables the mail server administrator to keep an audit trail and helps in troubleshooting problems.
BLACKbox Prime Server Mail Server provides the feature of maintaining a log.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 19.1)
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on the Log tab. (Screenshot – 19.2)
The log viewing facility is provided for troubleshooting the mail server and can be used as an audit
trail. The Mail Server keeps a log of all activities related to sending and receiving mail. If a
problem arises for some reason, it can easily be sorted out within a matter of minutes by viewing the log.
An administrator has instant access to logs generated on various combinations of fields. Let
us understand how scalable this feature is. Refer to Screenshot 19.2.
Log Type: Select from the list of values. The values can be POP Client, SMTP Client, etc.
Log Date: Select the date, month and year from the list of values.
POP User: Select the email id of the POP user from the list of values.
Load Log File: After selecting values for the above-mentioned fields, click on the Load Log File
button. The log will be generated and displayed in the Log panel.
N. Managing/Restoring Stored mails
‘Load backup’ facility for each/all user(s)’ emails, sent and received between
selected dates.
Selection of all users and invert selection.
‘Restore’ button to restore the emails of the selected users.
Deletion of backed up emails.
Copying of backed up emails to a specified path.
Moving of backed up emails to a specified path.
Restore
Restore means to retrieve a file from backup. If a file has been accidentally erased or corrupted,
it can be restored if there is a backup.
BLACKbox Prime Server mail server stores the sent and received emails of users as files in a
specified directory. The Restore feature of this mail server gives information about all messages sent
and received by a mail user for a specified time interval. It also provides a facility to
restore details.
Let us understand how an administrator can manage and restore the stored mails using the
Restore tab of BLACKbox Prime Server mail server.
Invoke BLACKbox Control Centre by double-clicking the BLACKbox shortcut icon. The
control centre will appear on screen. (Screenshot – 20.1)
The Mail Server Console window will open once the user clicks the Mail Server button in the BLACKbox
Prime Server control centre. Click on Log tab. (Screenshot – 20.2)
The Restore tab gives information about all messages sent and received by mail user(s) for
the specified time interval. It also provides a facility to restore details.
From Date: Select the From Date from the list of values. It is the date from which an
administrator wants to load the mails of users.
To Date: Select the To Date from the list of values. It is the date up to which an administrator
wants to load the mails of users.
If an administrator wants to get details for all users, he/she should select ALL from
the list of values and then click on the Load Backup button. An administrator can select
an individual user from the list of values instead of selecting ALL users.
Select INBOX for received messages or SENT ITEMS for sent messages and then
click on the Load Backup button.
The Restore panel will display User Backup Directory Info, which consists of selection
checkboxes, the user, the total number of messages sent or received by the user and the size of the
messages in total bytes.
Invert Selection: When an administrator clicks on the Invert Selection button, it will select
all unchecked users and uncheck all selected users.
Restore: To restore details, select users from the list and then click on the Restore button. The
details will be restored for the specified dates.
Delete Backup: To delete details, select users from the list and then click on the Delete Backup
button.
Refer to Screenshot – 20.3 to understand the Copy Backup and Move Backup buttons.
Screenshot – 20.3
Copy Backup: To copy details to a specified location, select users and click on the Copy
Backup button. A window will open to specify the path where the administrator wants
to copy the details.
Move Backup: To move details, select users and click on the Move Backup button.
A window will open to specify the path where the administrator wants to move the details.
The details of that user will be moved to the specified location and will no longer appear in the User
Backup Directory Info list.
O. Happy Hours
Screenshot 5.1 demo1 profile having drive access with limited site access
In screenshot 5.1 below you can see the drive access with office data
along with limited website access. Here the hdfcbank.com website opens and
drive.google.com does not open.
Screenshot 5.2 Starting BLACKbox Happy.Hours
Happy Hours can be enabled by clicking Happy Hours in the notification area at the bottom.
Happy Hours disconnects the user’s enterprise profile and its data so that the internet can be used
without restriction. This also prevents enterprise data from being used or uploaded to the
internet.
Here the download drive/folder is used to store downloaded data. The
downloaded data can be viewed as read-only from the enterprise profile, so users cannot
move/copy data from the enterprise profile to the download drive.
Screenshot 5.1 Starting BLACKbox Happy.Hours
After starting Happy Hours, in screenshot 5.2 below you can see that drive
access is limited to downloads only; all remaining BLACKbox drives are isolated and
inaccessible. In this mode you can access the unrestricted Internet and you cannot upload
any BLACKbox data.
P. (BLACKbox Prime Server) Internet Server
Managing Internet Users Using Account Manager
Account Manager -
Account Manager provides a facility to manage users and their privileges. BLACKbox Prime
Server can perform the following operations:
Add a new user to the Internet Server and provide internet access by assigning privileges,
thus controlling internet usage. The privileges are of different kinds, viz. a) user
authentication and authorization through a password, b) IP address based access for a user,
c) MAC address based access for a user, d) allowing or denying access to a list of
websites as defined in the Web Filter feature, e) assigning a group to the user, thus
providing the privileges of pre-defined groups for internet access, etc.
Edit the profile of an existing user of the Internet Server and modify the privileges mentioned
above as required, so as to give the user more privileges or limit the
resources.
Delete an existing user of the Internet Server so as to disallow him from accessing the internet.
Report the Internet access details of a user; the report can be sent to the authorities via
email.
Export current user account details to an Excel file.
Select all existing users, thus allowing the BLACKbox administrator to grant privileges in
one go and saving time.
The Internet Server Console window will open once the user clicks the Internet Server button in the
BLACKbox Prime Server control centre. Click on the Account Mgr tab. (Screenshot – 3.2)
The Account Manager tab is used to add and manage Internet user accounts on the Internet Server.
Delete an existing user of the Internet Server by clicking the Delete button.
Select all existing users by clicking the Select All button.
Export current user account details to an Excel file by clicking the Export button.
Note: This username and password should be conveyed to the respective user, and the user should
be able to access the internet with this username and password depending on Proxy Settings.
Password Required:
Check: When this field is checked, the user will be prompted for a password depending on
Internet Server Proxy Settings.
Uncheck: When this field is unchecked, the user will not be prompted for a password depending
on Internet Server Proxy Settings.
IP Address/IP Range: Specify the IP address of the user’s system from which that user will be
accessing the internet. You can also specify a range of IP addresses, e.g.
192.168.0.8-192.168.0.10, from which that user can access the Internet.
Caution: Avoid assigning duplicate IP addresses or IP address ranges, to avoid username
conflicts. (Example: if 2 users are assigned the same IP address or are in the same range, and one
user has Password Required set and the other does not, then both users may be prompted
for a password, or neither user may be prompted, due to the IP
conflict.)
MAC Address: To assign a MAC address, click the Get Mac Address button of Screenshot –
3.2. A new input window will appear, as shown in Figure – 3.1, asking you to enter
the IP address whose MAC address you want to assign.
If you click OK you will get the MAC address of the entered IP address in the Add User form; if you
click Cancel the current action will be cancelled.
Note: A MAC address can be obtained only for systems which are connected to the LAN.
The MAC address helps to prevent IP spoofing. That is, if all users are given administrative rights on
their systems, then any user can change their IP address to get access to the Internet.
Web Filter: There are three types of web filter available, as shown. A description of each
filter is given below:
Figure – 3.2 Web Filter Option
Allow: This will apply the allow filter list of this user to the current user.
Deny: This will apply the deny filter list of this user to the current user.
None: The user will be given full Internet privilege.
Content ID: Select the Content ID from the drop-down list box. Before a Content ID can be used,
the engineer has to create it; this is explained in a later chapter.
Group: The user can select one group or multiple groups (using the Control key). The field
marked Group helps to apply an “allow” or “deny” filter to a particular
group. For example, suppose a company has four personnel in the marketing department and
wants to allow marketing-related sites to these people. They can be assigned directly by
selecting the group marketing in the “web filter” panel and then adding the sites which you want to
allow for this group.
Button: It adds a new group. Click on the Add button and it will open an input dialog
box. Type the name of the new group, and the new group is added to the Groups list box.
Button : Select the group you want to remove and click on the Remove button. The
name of the group disappears from the group list box. Thus an administrator can manage groups
and assign users to a particular group.
The report of a user’s Internet access details is sent to all Email-IDs added in Vigilance
Email-IDs. Refer to figure 3.1 for a sample of the report that is sent
automatically by email to the Vigilance Email-IDs mentioned.
Vigilance Email-IDs “,” Separated: This field contains the e-mail ids of the persons who
have the right to monitor the new user’s internet activities. Every day, one e-mail is sent for
each Internet user to the e-mail ids mentioned in that user’s Vigilance e-mail Ids field.
Each internet user may have different vigilance e-mails depending on the organizational
hierarchy.
Figure 3.5 describes the Internet access details report of the user ishan.s
Figure – 3.5 Report describing internet access details
2011-03-30 17 to 18 0.1074 25
2011-03-30 13 to 14 0.6660 44
2011-03-30 11 to 12 0.4258 74
Save New User: After filling in all information, click Save to create the new account. After you press
the Save button, a pop-up window will appear asking whether you want to add more users.
Click Yes if you want to create another new account or click No if you don’t want to create
more accounts.
To edit an existing user of the internet server, select the user that you want to edit and
click the Edit button. Refer to Screenshot – 3.2, in which a user is selected.
The Edit User form will appear in a new window with the existing settings for that user. An administrator
can change any of the fields as described for the add New User form, then click Save to save the new
settings or Cancel to close this window.
To delete existing users, click the user that you want to delete in the table, as shown in
Screenshot – 3.5.
You can select multiple users by holding the CTRL key and selecting users with the mouse. After
selecting the user or users, click the Delete button; a confirmation pop-up window will appear as
shown in Screenshot – 3.5. Click Yes if you want to delete, click No if you don’t want to delete,
or click Cancel if you want to cancel this operation.
Refer to Screenshot - 3.3 of the Proxy Server Console. For any operation to be applied to all users you
can use the Select All button. Thus you can select all existing users with a single click and perform
a specific operation.
Refer to Screenshot - 3.4 of the Proxy Server Console. By clicking the Export button you can export
the account details of all existing users to an Excel file. The sample report is given in Figure 3.6.
Username   IP Address                    Web filter   Bandwidth   Content Filter
aditi      192.168.0.100-192.168.0.101   deny         0           na
bhavin.k   192.168.0.100-192.168.0.101   deny         -1          filter1
devang.p   192.168.0.100-192.168.0.101   allow        -1          na
Web Filter
Web Filter: A filter that focuses on World Wide Web traffic is called a "web filter". This feature
provides a means to allow/deny access to URLs specified in a list, thus providing website filtering.
This is often used in corporate, educational, or library environments, and anywhere else where
website filtering is desired.
There are two types of web filters namely ‘ALLOW’ and ‘DENY’ which can be managed
through this feature. An administrator can add URLs (websites) to the list or remove
URLs (websites) from both the lists.
Pre-defined users can be loaded and then selected. Web filters can be loaded and applied
to the selected users. The web filters can also be modified by adding or removing URLs
(websites) which are to be applied to the user.
Pre-defined groups can also be loaded and then selected. Web filters can be loaded and
applied to the selected group. The web filters can also be modified by adding or removing
URLs (websites) which are to be applied to the group.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 4.1)
Screenshot – 4.1 BLACKbox Prime Server Control Centre
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Web Filter tab. (Screenshot – 4.2)
BLACKbox Prime Server has two types of web filters, i.e. Allow and Deny. A third
option, None, is also provided with Web Filter.
By adding or removing websites to Allow filter, an administrator may control the access of
internet usage. Thus a user can be allowed an access to the websites stored in Allow website
database.
An administrator can select users directly. Users are displayed with checkboxes under
Proxy Users heading. In Screenshot – 4.2 we may see that user isheeta.d is selected,
which is a direct selection of user.
Alternatively an administrator can select users by applying filter. To apply filter click on
Apply Selection button. In Screenshot - 4.2 ‘user with allow filter’ is selected. Under this
filter two users are available.
Click Load Filter button to display current websites stored in the Allow Web Filter
database. (As seen in Figure 4.1)
Enter keyword (name of website) in dialog box located next to Add to Allow button and
click Add to Allow.
“google” keyword is added in Proxy Users Allow Webfilter and it is assigned to selected
proxy user. (Screenshot 4.2)
In section 4.2, we have explained how to manage Allow Web Filter database and how the same
is applied to proxy user. Exactly in the same way an administrator can manage Deny Web Filter
database and the same can be applied to proxy users.
We will use Screenshot 4.2 to understand the features of adding websites to and/or removing
websites from the database of Deny Web Filter.
Select users directly or by applying filter by Apply Selection button. (Figure – 4.1 or
Figure – 4.2)
Click Load Filter button to display current websites stored in the Deny Web Filter
database. (Figure – 4.1)
Enter keyword (name of website) in dialog box located next to Add to Deny button and
click Add to Deny.
“yahoo” keyword is added in Proxy Users Deny Webfilter and it is assigned to selected
proxy user.
Steps to remove websites from Deny Web Filter database:
Note: If the Add to Allow and Add to Deny buttons are highlighted, you do not need to perform
the first two steps for the current proxy user selection. If multiple users are selected when the
Load Filter button is pressed, only those filters which are common among the selected users
will appear in the respective allow or deny filter list.
A proxy group can be created and users can be assigned to this group. Instead of assigning a Web
Filter to a user, an administrator can assign it to a Group (of users). Thus an administrator is
freed from the complex, tedious and time-consuming work of assigning a Web Filter to each and
every user of an organization, and precious man hours can be saved. The second most important
advantage of assigning a filter to a Group is avoiding errors in the complex and tedious work of
assigning a Web Filter to individual users. The more complex and tedious the work, the more
errors occur.
Let us understand how Allow and Deny Web Filters are managed by administrator on
BLACKbox Prime Server Internet Server. Refer Screenshot 4.3.
An administrator can manage Allow Web Filter by adding websites to the filter or removing
websites from the filter and assign it to a Group.
Select any Group from the list. In Screenshot – 4.2 we may see that Group accounts is
selected.
Click Load Group Filter button to display current websites stored in the Allow Web Filter
database.
Enter keyword (name of website) in dialog box located next to Add to Allow button and
click Add to Allow.
Figure – 4.6 Add to Allow button
www.sun.java.com
Then select keyword (name of website) that you want to remove from the database and
click Remove button.
An administrator can manage Deny Web Filter by adding websites to the filter or removing
websites from the filter and assign it to Group.
“www.orkut.com” keyword is added in Proxy Users Deny Web filter and it is assigned to
selected proxy group.
Note: If the ‘Add to Allow’ and ‘Add to Deny’ buttons are highlighted, you do not need to
perform the first two steps for the current proxy Group selection. If multiple Groups are selected
when the Load Filter button is pressed, only those filters which are common among the selected
groups will appear in the respective allow or deny filter list.
Note: If a filter is added for any Group, it is applied to all users added in that Group. You can
change a user's Group through the edit button of the Account Manager Tab.
Change Filter Settings of User: You can change filter settings of User through edit button of
Account Manager Tab.
None Option in Web Filter List of Account Manager Tab: User will be given full Internet
privilege.
Managing Content Filter
Content Filter: Content filtering is commonly used by organizations to prevent computer users
from viewing inappropriate web sites or content, or as a pre-emptive security measure to prevent
access of known malware hosts. Some common methods used for content filtering include: URL
or DNS blacklists, or content keyword filtering. Some products have been known to employ
content analysis techniques to look for traits commonly used by certain types of content
providers. Filtering rules are typically set by a central IT department and may be implemented
via software on individual computers or at a central point on the network such as
the internet/proxy server or internet router. Depending on the sophistication of the system used, it
may be possible for different computer users to have different levels of internet access.
BLACKbox Prime Server internet server provides a content filter feature. It is generally used
for those users who are not assigned either the Allow or the Deny Web Filter. Users who are
assigned the third option, None, have full privilege to use the internet. They can surf
all websites. In that case, use the Content Filter feature of BLACKbox Prime Server Internet
Server to prevent misuse of the Internet. It prevents misuse by restricting access to
websites that contain a particular word.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 5.1)
Screenshot – 5.1 BLACKbox Prime Server Control centre
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Content Filter tab. (Screenshot – 5.2)
Content Filter prevents misuse by restricting access to websites that contain a particular word.
To use Content Filter, an administrator needs to create a content ID that can be assigned to any user.
The content filter must also be enabled in Proxy Settings (refer to Chapter 9 to learn more about
Proxy Settings).
In Screenshot – 5.2 we can observe that the word ‘stock’ is selected as Content Filter
and its occurrences are selected as 2. That means that if a webpage contains the word ‘stock’
2 or more times, the user will not be allowed access to
that webpage or website, even though the user is not assigned any Web Filter.
Example: Suppose an organization wants to restrict access to an http site that contains the word ‘jobs’ 5
times. Specify the word ‘jobs’ in the dialog box located next to “Don’t Allow access to site containing
word” and select the number of occurrences as “occurring 5 times”. Then click Add Filter and it will
appear in the table, just as the word ‘stock’ appears as Content Filter with 2 as occurrence in Screenshot –
5.1.
Note: Ideally, the content filter should be applied to those users who are given full Internet
privilege.
Caution: Clients can experience high latency in page load if the content filter is used
extensively.
Managing Trusted Sites
Trusted websites are the sites whose access is to be provided to all users of
an organization.
The trusted sites database can be managed from the Trusted Sites tab of BLACKbox
Prime Server Internet Server.
A trusted site is a website that you trust neither to damage your computer nor to misuse
internet access resources.
On BLACKbox Prime Server Internet Server, websites which are added as trusted sites can be
accessed by all users irrespective of the web filter assigned to them. Thus the organization can
identify the websites whose access is to be given to all users across the organization and inform
the proxy server administrator to add those websites to the trusted sites database. Once added, they
can be accessed by all users of the organization.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 6.1)
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Trusted Sites tab. (Screenshot – 6.2)
Use dialog box located under ‘Add Site as Trusted Sites’ heading.
Type website name in the said dialog box.
Click on >>> button.
The website will be added as Trusted Sites. You may verify the right panel in which list
of Trusted Sites are displayed.
If an administrator wants to remove a website from Trusted Sites database, then he/she
can select the site from the Trusted Sites list and click on Remove button.
Screenshot – 6.2 Internet Server Console (Trusted Sites Tab )
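The order of checks described in the Web Filter, Content Filter and Trusted Sites chapters can be modelled as follows. This is an added illustration in Python, not BLACKbox code. Matching a keyword as a substring of the host name, counting whole words, applying the content filter to trusted sites, and the sample users and sites are all assumptions.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class ContentRule:
    word: str          # e.g. 'stock'
    occurrences: int   # block when the word occurs this many times or more


@dataclass
class ProxyUser:
    name: str
    web_filter: str = "none"                  # "allow", "deny" or "none"
    group: str = ""                           # proxy group the user belongs to
    allow: set = field(default_factory=set)   # keywords added with Add to Allow
    deny: set = field(default_factory=set)    # keywords added with Add to Deny
    content_rules: list = field(default_factory=list)


@dataclass
class Policy:
    trusted_sites: set = field(default_factory=set)
    group_allow: dict = field(default_factory=dict)   # group name -> keywords
    group_deny: dict = field(default_factory=dict)
    content_filter_enabled: bool = True               # switch on the Proxy Setting tab


def host_matches(url, keywords):
    """ASSUMPTION: a keyword matches when it is a substring of the host name."""
    host = (urlsplit(url).hostname or "").lower()
    return any(k.lower() in host for k in keywords)


def web_filter_verdict(policy, user, url):
    """Trusted sites first, then the user's Allow/Deny/None web filter."""
    if host_matches(url, policy.trusted_sites):
        return True, "trusted site"
    if user.web_filter == "allow":
        ok = host_matches(url, user.allow | policy.group_allow.get(user.group, set()))
        return ok, "in allow filter" if ok else "not in allow filter"
    if user.web_filter == "deny":
        hit = host_matches(url, user.deny | policy.group_deny.get(user.group, set()))
        return not hit, "in deny filter" if hit else "not in deny filter"
    return True, "web filter None: full Internet privilege"


def content_filter_verdict(policy, user, page_text):
    """Block when any assigned word occurs at least the configured number of times."""
    if not policy.content_filter_enabled:
        return True, "content filter disabled"
    for rule in user.content_rules:
        pattern = r"\b" + re.escape(rule.word) + r"\b"   # ASSUMPTION: whole words
        count = len(re.findall(pattern, page_text, flags=re.IGNORECASE))
        if count >= rule.occurrences:
            return False, f"'{rule.word}' occurs {count} times (limit {rule.occurrences})"
    return True, "content filter passed"


def evaluate(policy, user, url, page_text=""):
    """Return ("ALLOW" | "BLOCK", reason) for one request."""
    ok, reason = web_filter_verdict(policy, user, url)
    if not ok:
        return "BLOCK", reason
    # ASSUMPTION: the content filter also applies to pages of trusted sites.
    content_ok, content_reason = content_filter_verdict(policy, user, page_text)
    if not content_ok:
        return "BLOCK", content_reason
    return "ALLOW", reason


def sample():
    """Constructed policy and users; some names reuse the manual's examples."""
    policy = Policy(trusted_sites={"payroll.example.com"},
                    group_deny={"accounts": {"www.orkut.com"}})
    users = {
        "isheeta.d": ProxyUser("isheeta.d", "allow", allow={"google"}),
        "clerk": ProxyUser("clerk", "deny", group="accounts", deny={"yahoo"}),
        "manager": ProxyUser("manager", "none",
                             content_rules=[ContentRule("stock", 2)]),
    }
    return policy, users


if __name__ == "__main__":
    policy, users = sample()
    for name, url, text in [
        ("isheeta.d", "http://www.orkut.com/", ""),
        ("clerk", "http://www.orkut.com/", ""),
        ("manager", "http://news.example.org/", "Stock tips: which stock to buy"),
    ]:
        print(name, url, evaluate(policy, users[name], url, text))
```

In this model a user with the None web filter is restricted only by the content rules assigned to them, which is why the manual recommends a content filter for full-privilege users.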
Managing Port Binding
Port Binding: Applications that use TCP/IP, such as the web protocol HTTP, have ports with
pre-assigned numbers. Other application processes are given port numbers dynamically for each
connection. When a service (server program) initially is started, it is said to bind to its designated
port number. As any client program wants to use that server, it also must request to bind to the
designated port number. Thus in TCP/IP networks, ports are an endpoint to a logical connection.
The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic.
First let us understand about the port number. In computer networking, a port number is part of
the addressing information used to identify the senders and receivers of messages. Port numbers
are most commonly used with TCP/IP connections. Home network routers and computer
software work with ports and sometimes allow you to configure port number settings. These port
numbers allow different applications on the same computer to share network resources
simultaneously.
Port numbers are associated with network addresses. For example, in TCP/IP networking, both
TCP and UDP utilize their own set of ports that work together with IP addresses.
Port numbers work like telephone extensions. Just as a business telephone switchboard can use a
main phone number and assign each employee an extension number (like x100, x101, etc.), so a
computer has a main address and a set of port numbers to handle incoming and outgoing
connections.
In both TCP and UDP, port numbers start at 0 and go up to 65535. Numbers in the lower ranges
are dedicated to common Internet protocols (like 21 for FTP, 80 for HTTP, etc.)
To have a look at common TCP/IP port numbers please refer to the following link:
http://www.answersthatwork.com/Download_Area/ATW_Library/Networking/Network__2-List_of_Common_TCPIP_port_numbers.pdf.
Port numbers are typically processed by network hardware and software automatically. Normally
you will not see them while casually using a network nor need to take any action involving them.
However, in these special cases you can work with network port numbers:
Network administrators may need to set up port forwarding to allow the port numbers of
specific applications to pass through a firewall. On home networks, broadband routers
support port forwarding on their configuration screens.
Network programmers sometimes need to specify port numbers in their code, such as in
socket programming.
Sometimes, a Web site URL will require a specific TCP port number be included. For
example, http://localhost:8080/ uses TCP port 8080. Again, this is more usually seen in
software development environments than on the Internet.
BLACKbox Prime Server provides port number binding facility to allow port number of specific
applications to pass through a firewall.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 7.1)
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Port Binding tab. (Screenshot – 7.2)
Local Port: Port on which Internet server will listen for request.
Server Host and Server Port: Request received from local port will bind to this server host and
server port.
This is used specifically to allow communication on certain ports from behind the firewall. For example,
suppose you want to configure Outlook settings for POP download and SMTP server. If the web host mail server
is mail.synersoft.in, following will be the port binding for POP account:
Port can be unbound by selecting local port and clicking UnBind button.
Note: In the client's Outlook, you have to enter the IP address of the BLACKbox firewall server instead of
using mail.synersoft.in.
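What a port binding does can be sketched as a small TCP relay in Python: it listens on a local port and passes every connection to the bound server host and port. This is an added example, not BLACKbox code; the loopback stand-in for the mail server, its replies and all function names are constructed for the demonstration.

```python
import socket
import threading


def _pump(src, dst):
    """Copy bytes from src to dst until src closes, then signal end-of-data to dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client, server_host, server_port):
    """Serve one client: connect to the bound server and copy in both directions."""
    try:
        upstream = socket.create_connection((server_host, server_port), timeout=5)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)          # the 5 s limit applies to connecting only
    back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
    back.start()
    _pump(client, upstream)
    back.join()
    client.close()
    upstream.close()


def bind_port(local_port, server_host, server_port, listen_ip="127.0.0.1"):
    """Listen on local_port and hand every connection to server_host:server_port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((listen_ip, local_port))
    listener.listen()
    listener.settimeout(0.2)           # lets the loop notice when the listener is closed

    def accept_loop():
        while True:
            try:
                client, _ = listener.accept()
            except socket.timeout:
                continue
            except OSError:            # listener closed: the port is unbound
                return
            threading.Thread(target=_relay, args=(client, server_host, server_port),
                             daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener


def demo():
    """Run a constructed POP3 stand-in on loopback and talk to it through a binding."""
    mail = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    mail.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
    mail.listen(1)

    def serve_once():
        conn, _ = mail.accept()
        with conn:
            conn.sendall(b"+OK constructed POP3 stand-in ready\r\n")
            if conn.recv(64).startswith(b"QUIT"):
                conn.sendall(b"+OK bye\r\n")

    threading.Thread(target=serve_once, daemon=True).start()
    listener = bind_port(0, "127.0.0.1", mail.getsockname()[1])
    # The client is pointed at the relay's address, never at the mail server itself.
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        reader = client.makefile("rb")
        greeting = reader.readline()
        client.sendall(b"QUIT\r\n")
        farewell = reader.readline()
    listener.close()                   # the equivalent of UnBind
    mail.close()
    return greeting, farewell


if __name__ == "__main__":
    print(demo())
```

The relay forwards whatever arrives on the local port, so each binding should be reviewed like a firewall rule and unbound when the application no longer needs it.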
Managing Log Details
Internet Access Log Details: A listing of events related to internet access is called internet
access log. BLACKbox Prime Server Internet Server stores, maintains and retrieves log of
internet access details. The following operations can be performed using Log feature:
Monitoring internet activities of particular user for a specific date and time and for range
of dates.
Domain wise details for each user can be retrieved.
The retrieved information can be exported to excel file.
BLACKbox Prime Server has a log feature for monitoring the efficiency of the internet
bandwidth usage by the users of the organization. With Log feature an administrator can easily
find out which users load up the bandwidth most heavily, when and what exactly they download,
how much time they spend online, and what data transfer traffic they create.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 8.1)
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Log tab. (Screenshot – 8.2)
To monitor the internet activities of a particular user, an administrator may follow these steps (Refer
Screenshot – 8.2):
Managing Proxy Setting
BLACKbox Prime Server provides various proxy settings viz. Proxy Listen
Port, FTP Listen Port, Proxy Root Directory, Proxy Log Directory, Content
Root Directory, IP/MAC/USER Authentication, Web Filter, Proxy Chaining
etc.
Proxy Listen Port: Port at which Internet Server will listen for incoming http or https
request.
FTP Listen Port: Port at which Internet Server will listen for ftp request (supported client
WS-FTP).
Proxy Root Directory: Directory where user information will be stored.
Proxy Log Directory: Directory where log information will be stored.
Content Root Directory: Directory where content information will be stored.
Authentication type: IP authentication, MAC authentication, IP+MAC authentication,
none (authentication not required).
Web Filter: can be enabled or disabled.
Local IP: can be specified.
Keep Alive: Enabling this option keeps connection persistent between client browser and
proxy server.
Proxy Chaining: It is used to connect with other Internet Server. (Not recommended).
Remote Server: Specify other Internet server address. (Not recommended).
Remote Port: Specify other Internet Server port. (Not recommended).
Content Filter: Enabling this filter makes content filter settings active (if too many
content filters are specified it will affect performance of Internet Server)
FTP Timeout in Seconds: Timeout in seconds after which FTP will wait idle. (Default
recommended).
What are proxy settings: A proxy server mediates connections between two or more computers,
acting to increase both security and privacy in the network. The proxy can either exist as a
dedicated server running special software or as just an application running on a generalized
machine. There are many ways to configure a proxy server, and an administrator can use them to
block content to a network, cache data to increase transfer speeds or to bypass filters.
Background: When a computer user uses a Web browser, he or she types in the uniform
resource locator (URL) of the website the user wants to visit. The URL contains the address of a
server and a file, possibly with a directory structure between the two. The Web browser contacts
the server and requests the file in the address. The server replies with the requested file and the
browser displays it. A certain amount of information about the requesting computer (the client)
gets sent with the request. This information is passed in HTTP headers. This is part of the
Hypertext Transfer Protocol (HTTP). The HTTP headers establish parameters for the reply and
give information about the computer's name and location. This is because the server has to
know where to send the reply. If the user does not want the server to learn the details of his
location, he has to channel his browser's communications through a proxy server. The details of
the proxy server are entered in the proxy server settings of the browser.
Purpose: The proxy server receives requests from the client together with the intended Web
server address and file name (the URL). It then contacts that server independent of the client. So,
the client does not contact the server, and the server cannot possibly learn any details of the
client computer. The proxy server gives its details, including its return address. Once the proxy
server receives the file from the server, it sends it back to the client as though the file originated
from the proxy server. The browser can only know which proxy server to contact by reference to
the proxy server settings in its configuration.
Network Options: The option screens of each Internet-accessing application vary slightly, but
there are common elements. The proxy server settings are classified under network options.
Some show several different proxy fields immediately, others will only have one line for proxy
settings, but make others available in advanced settings screens. The regular categories of proxy
settings available are for HTTP, which channels all access to Web pages; FTP, for file transfer;
SOCKS, for a specific type of proxy server; and HTTPS/Secure for encrypted communication.
The user can elect to use a different proxy for each type of traffic.
Setting the Proxy: For each proxy entry, the proxy server settings require two pieces of
information: the proxy server address and the port number to access on the proxy server. The
user can elect to use one proxy server for all traffic. Once these proxy server settings are set, the
named proxy will be used for all communication from that application. There are usually options
for naming exceptions. The browser will make direct contact to the sites in the exceptions list.
BLACKbox Prime Server Internet/Proxy Server has a feature to configure various things through
Proxy Setting Tab. We will study this feature in this chapter.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 9.1)
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Proxy Setting tab. (Screenshot – 9.2)
Screenshot – 9.1 BLACKbox Prime Server Control centre
Let us try to understand each setting that appeared on screen, one by one.
Proxy Listen Port: Port at which Internet Server will listen for incoming http or https
request.
FTP Listen Port: Port at which Internet Server will listen for ftp request (supported
client WS-FTP).
Proxy Root Directory: Directory where user information will be stored.
Proxy Log Directory: Directory where log information will be stored.
Content Root Directory: Directory where content information will be stored.
Auth Type: Following Authentication Types are supported:
IP+AUTH: IP will be verified for each request and also user will be prompted for
password if password required is not set.
MAC+AUTH: MAC address will be verified for each request and also user will
be prompted for password if password required is not set.
AUTH: User will be prompted for password if password required is not set.
ALL(IP+MAC+AUTH): All above authentication modes will be applied if this
option is selected.
NONE: full privilege will be granted to all users.
Web Filter: Radio Buttons Enabled and Disabled to define Web Filter.
Local IP: Specify local IP.
Keep Alive: Enabling this option keeps connection persistent between client browser and
proxy server.
Proxy Chaining: Enabling this option you need to specify remote server and remote port
(not recommended). It is used to connect with other Internet Server.
Remote Server: Specify other Internet server address. (Not recommended).
Remote Port: Specify other Internet Server port. (Not recommended).
Content Filter: Enabling this filter makes content filter settings active (if too many
content filters are specified it will affect performance of Internet Server).
FTP Timeout in Seconds: Timeout in seconds after which FTP will wait idle. (Default
recommended).
Caution:
Needs to Restart System: After making any changes in Proxy Setting Tab, except adding filter
in allow and deny list, Internet Server must be restarted.
Managing Request for Temporary Access
Manage Request: When temporary access of restricted websites is given to user, its request is
added in the Pending request List. The following operations can be performed on such pending
requests:
The requests can be accepted for that user and same rule can be applied to other users and
groups also.
The request can be rejected and same rule can be applied to other users and group also.
A list of rejected requests is stored on internet server. There is a provision to accept the
rejected request for that user so as to enable him/her to give access to restricted site which
was already rejected earlier. The same rule can be applied to other users also.
BLACKbox Prime Server Internet Server provides the feature of allowing temporary access to
the restricted domains.
We have already learned about the Web Filter feature in Chapter 4, in which we have described
Allow and Deny filter. In Deny web filter database, we can list the websites, whose access is
restricted to user(s) and/or group of users.
When a user tries to access the restricted website, a window shown in Figure 10.1 is displayed.
Figure 10.1
Refer to Figure 10.1. The displayed message is conveyed to the user. The user has to click on
Confirm button to access the restricted website. Once confirmed by user, the user’s request is
sent to the BLACKbox Prime Server Internet Server administrator for review. Using the Manage
Request Tab an administrator may Accept or Reject the request. Thus an administrator can
provide temporary access to a restricted website to a user or group of users, or he/she may reject the
request. There is also a provision for accepting rejected requests of the users.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 10.1)
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Manage Request tab. (Screenshot – 10.2)
When temporary access of any of the restricted domains is asked by the user, its request is added
in the Pending request List. To see Pending Request or Rejected Request of user, first select any
user from List then click on Search button.
To see Request from all users select All and then click on Search button.
To accept user request select request from list then click on Accept button. To reject user request
select request from list and then click on Reject button.
To delete request permanently select the request and click on Delete button.
Accept Request:
When an administrator clicks on the Accept button, it will automatically grant access to the restricted
domain to the selected user but ask for another Proxy User and Proxy Group selection. If an
administrator wants to grant access to that domain to another Proxy User or Proxy Group, then
he/she should select the User or Group from the List and then click on the OK button. Refer Screenshot
– 10.2.
Reject Request:
When an administrator clicks on Reject button it will automatically reject request of selected user
but ask for another Proxy User and Proxy Group selection. If an administrator wants to reject the
request of another Proxy User or Proxy Group for the same domain then he/she should select
User or Group from the List and then click on OK button. Refer Screenshot – 10.2.
Thus an administrator can Accept/Reject request of user and apply the same rule to other users
and groups at one go and save crucial time of managing requests of bulk of users and groups to
have an access of same website.
If request by user for granting restricted domains is rejected by administrator, it will be displayed
in Rejected Request list. To accept that request, select request from rejected request list, then
click on Accept Rejected button.
It will automatically grant access of restricted domain to selected user but ask for another Proxy
User. Refer Screenshot – 10.4.
If an administrator wants to grant access of that domain to another Proxy User then select User
from the List and then click on OK button. Refer Screenshot – 10.3.
Screenshot – 10.4 Accept Rejected Requests and Apply rule to other Users/Groups
Thus an administrator can Accept Rejected request of user and apply the same rule to other users
and groups at one go and save crucial time of managing requests of bulk of users and groups to
have an access of same website, which was earlier rejected.
Monitoring Internet Access Log
BLACKbox Prime Server Internet Server stores and maintains a log of internet access. At any given
point in time an administrator can open and view the log and thus monitor users’ activity on
the internet server.
Invoke BLACKbox control centre by double clicking on BLACKbox short cut icon. The control
centre will appear on screen. (Screenshot – 10.1)
Internet Server Console window will open, once user clicks on Internet Server Button in
BLACKbox Prime Server control centre. Click on Monitor tab. (Screenshot – 11.2)
Refer to Screenshot – 11.2. The Monitor Tab is used to open and view internet access log. By
clicking on Open Today’s Log hyperlink, an administrator will be able to view current internet
access log details.
Screenshot – 11.2 Internet Server Console (Monitor Tab)
Q.
Introduction:
These days, in SMEs/SMBs where an organization is handled by a single owner, the owner
may not be able to judge the daily productivity of each employee who uses a personal
computer for his/her routine work.
To address that problem, Synersoft Technologies Private Limited offers a solution
called Play Back Office.
Play Back Office is a web-application. Using this application, admin can view employee’s
workstation’s screenshot either from the or remotely.
This application is a client-server web application in which the BLACKbox client communicates
with the BLACKbox server. At the configured interval of time, the Play Back Office (PBO) application
takes a screenshot of each client configured in the application, and the admin can view
an employee’s workstation screenshot for any given date/time.
On entering the web link in a browser, the user sees the main login panel, as shown in the main
screenshot.
Please refer to screenshot 29.1 Main Console. Using an authorized ID, a person can
access the application page.
Screenshot – 29.2 :-Home page
As per the screenshot above, we can find the records of user dilip.desai for the specified
date/time.
Here the administrator can view hourly records by clicking the play records button.
e.g.
Suppose the administrator wishes to check user dilip.desai’s activity on 25-12-2013
between 4:01 pm and 05:00 pm; the play records button in the line
of that tab shows the individual desktop screenshots or a slide show.
Screenshot – 29.5:-slide show.
As per screen-shot 29.4- Play Records admin can also view slide show by
clicking on Play slide-show button.
Administrator can also remove records of particular date by selecting screenshots.
Screenshot – 29.6 :-Change password
Chapter:- 30 Configuration Procedure of Play Back Office:
Play Back Office is a web application which can be installed on local server and
the same can be managed by application provider.
User Creation:- A system on which the BLACKbox client is installed is eligible to be a Play Back
Office user.
By clicking on Desktop console the administrator can get the details of the installed BLACKbox
Client setup.
Here ‘Users’ tab shows the number of users created using users’ computer names.
By clicking on Edit button, edit user window will open which will give the user’s information,
which is already defined by the administrator.
By clicking on Vigilance Button administrator can open vigilance window. Let us understand the
items of vigilance window and their functionality.
Enable: If checkbox is checked, then Play Back Office functions are enabled.
Username: For authentication, please enter the user that you have created on it.
Interval: Please enter an alphanumeric number, which will be treated as the number of minutes.
R. Deduplication Configuration and Understanding of Report
Snap3: it shows the further steps to add the report task name and email ID, then proceed with Next.
Snap5: it shows the wizard for selecting the trigger that enables the schedule to generate duplication reports; click on Next.
Snap6: it shows the shared folder list to enable reports; click on Next.
Snap7: it shows the summary of the configuration details; verify it and click on Apply to schedule.
Snap8: it shows the created task for Deduplication reports.
Understanding of Deduplication reports:
Snap1: it shows the quota usage for the volume, user-wise. Here you can export to a CSV
file.
Snap2: it shows the file count with size.
Snap4: it shows the graphical diagram from shared folder.
Snap6: it shows the duplicate file candidates, shared-folder-wise.
Snap7: it shows the large files, shared-folder-wise.
S. Configuration of Dual Profiling
The BLACKbox Duo technology can divide an employee’s personal laptop or desktop into
two parts, which are useful as below.
1. Enterprise Zone
Inside the enterprise session, employees can
connect to the VPN to utilize a company’s data.
While the employees are accessing enterprise data,
all Data Leakage Prevention policies over USB, Email,
and Internet are in force. MSMEs can safely extend
access to its enterprise data without worrying about
its leakage or theft.
2. Personal Zone
Inside the personal session, employees can use their
personal data like entertainment, photos, personal
documents, games, applications, for whatever
purpose they are using that laptop or desktop. The
only thing they cannot access is your enterprise data,
emails, and enterprise applications. Also, enterprise
Data Leakage Prevention policies on USB, Email, and
Internet are not in force while they are inside the
personal sessions.
BLACKbox Software for Information Security on Laptops is designed for enterprises that have
laptop users carrying and handling the company’s digital assets on their laptop devices.
Such enterprises need to regularly backup the data lying on laptops.
Such enterprises need to secure data on laptops to avoid any competitive exploitation.
Overview:
BLACKbox Software for information security on laptops is developed on the assumption that growing
enterprises have a growing number of users who use portable devices like laptops. Such laptops carry the
company’s digital assets. Important data on these laptops is not regularly backed up. Also, enterprises need
to prevent data theft from these laptops by USB, email or Internet.
In a nutshell, BLACKbox software for Information Security on a laptop is designed to preserve and secure
digital assets on laptops.
Features of BLACKbox Software for Laptop Backup and Information Security on Laptops
Professional and Personal Drive for Selective Data Backup on Laptops.
BLACKbox technology divides each laptop into professional and personal drives. Enterprise data always
remains on the professional drive. The user can neither work on enterprise data from the personal drive nor
transfer enterprise data to the personal drive.
Policies apply when the user works on a professional drive containing enterprise data to ensure
information security on email, USB and internet.
While the user is working on the professional drive, BLACKbox software loaded on the laptop applies
vigilance controls to the email client used by the laptop user in the professional drive. You can define the
email user's policy on where he/she can or cannot send an email and what he/she can or cannot send by
email, to suit your information security requirements. Also, BCC (Blind Carbon Copy) is an easy way to
leak data from the enterprise. In professional drive mode, BLACKbox software intercepts BCC from the email
client, allows or disallows it as per policy, and submits a report to designated users with the content of the
email and the recipients in BCC.
Innovative USB drive policies with report generation in Professional Drive Mode.
BLACKbox software loaded on your laptops makes all USB ports “smart”. The enterprise can define a policy
that allows USB usage for keyboard, mouse and printer and denies USB usage by pen drives, hard drives and
mobile phones. It can also define a policy under which data can be brought into the laptop over USB but
cannot be taken out on USB. It can also define a policy under which entrusted users can take data out on
USB, but a report is generated and sent to designated users for evidence purposes.
Online Backup of Laptops on Data Center with Versioning for Professional Drive
BLACKbox software connects to the BLACKbox data center and takes a backup of the professional drive
regularly with versioning. In case the laptop is stolen, crashed or infected, the enterprise can recover data
from the data center. In case the laptop is infected by ransomware, the enterprise gets previous versions of
data to minimize down time.
BLACKbox duo, BLACKbox duo Lite and BLACKbox DCDR can be used for Data Loss and Theft
Prevention on laptops as well as to provide disaster response facilities. There are many SMEs who have
large files generated by the technical software they use. Such large files require extraordinary resources that
can be available in the form of BLACKbox Turbo or BLACKbox Twin Turbo, which are our
technological application of SSD caching through BLACKbox SSD Cache.
Unlike the backup scenario in a Desktop and Server environment, the backup scenario of laptops poses
multiple challenges.
A laptop holds voluminous personal data such as entertainment and photos along with enterprise data.
As personal and entertainment data is the major part of the total data on a user's laptop, any provision to back
up the user's laptop will exhaust tremendous space on the backup device. It is necessary to segregate
personal data (not to be backed up on enterprise backup devices) from enterprise data (backup
eligible data to be backed up on enterprise backup devices).
Challenge 2: Mix-up of personal and enterprise data flooding Enterprise Backup Devices
By mapping backup eligible folders (carrying enterprise data) to enterprise backup devices and
un-mapping backup ineligible folders (carrying large sized personal data), we may solve the problem of
keeping large personal data out of the enterprise backup system. But it is a temporary solution. The user may
start saving enterprise data in a personal folder and personal data in an enterprise folder. This is a real
challenge.
BLACKbox intelligently solves this challenge in a foolproof manner. Its technology, known as duo,
first separates laptop storage into personal and enterprise compartments. It separates these compartments in
an enormously data-tight (like air-tight or water-tight) manner. Once implemented, enterprise data can’t be
accessed from the personal session and vice versa. Now, you can map only enterprise data to your
cloud or data center.
Duo technology will not allow user to mix-up personal and enterprise data. It will make sure that only
backup eligible enterprise data is backed up on your enterprise backup device or cloud backup or data
center.
Your BLACKbox and laptops can be linked with our Data Center to resolve Disaster, Laptop Loss, and
Hardware Failure. Our signature technology transmits data in compressed and encrypted form. It also
sends comprehensive backup status reports of all included assets. Restore is driven by an
encryption-decryption key, making your data accessible only to the owner of the data.
This is very effective if your enterprise allows BYOD (Bring Your Own Device) basis laptops from users.
In order to understand how BLACKbox prevents loss of data from laptops, let us first understand the
situations which can cause data loss or business discontinuity.
First situation is accidental or intentional deletion of data: a user can delete data accidentally or
intentionally from the laptop. It can be easily restored from our data center, and you can configure the
number of days you want to keep deleted data on the data center. We are 100% sure that 99% enterprises
can’t instantly recover data deleted from the laptop. Think about your enterprise, are you among those
99% vulnerable enterprises?
Second situation is ransomware attack: laptops are most vulnerable to ransomware attacks, especially
when they are on BYOD basis or otherwise. When ransomware breaks out, your data on the laptops is
encrypted. We are 100% sure that 99% enterprises can’t recover data after ransomware strike and re-do
the work. Think about your enterprise, are you among those 99% vulnerable enterprises?
Third situation is accident, disaster, or hardware failure: a disaster, laptop theft, or hardware failure
can lead to data loss. We are 100% sure that 99% of enterprises do not have a set process for laptop backups
and automated out of premise backup. Think about your enterprise, are you among those 99% vulnerable
enterprises?
BLACKbox product separates enterprise data and personal data to implement data leakage and theft
prevention policies on USB, emails, and internet through laptops to enable security effectiveness.
Executive Summary:
BLACKbox technology on laptops is for 99% of enterprises who are always worried about data loss, theft,
and leakage from laptops. Most of these organizations do not have any provisions to prevent or stop these
data leakages effectively. Our technology separates enterprise data in data tight (like air-tight or water-
tight) manner, during the sessions of accessing enterprise data. Additionally, it implements all data
leakage and theft prevention policies on USB, emails, and the internet.
This further ensures that employees can use enterprise data while the organization is not worried
about data loss, theft, or leakage. In addition, all restrictions are automatically removed when
personal data is accessed or in use.
It works well even when enterprises allow devices on Bring your own Device (BYOD) or work from
home basis where employees are assured of free use of personal sessions without any monitoring and
restricted use of enterprise sessions under all tracks as well as organization policies.
Bring your own Device (BYOD) and work from home are popular and maturing trends in the current
scenario. Today, enabling them in organizations is highly cost-effective, convenient, and productive.
However, the other side of the same coin is that laptops, whether enterprise-owned, on BYOD basis, or used
in work from home sessions, can be irreversible data leakage holes which can negatively affect these
organizations.
The employees could use the client’s digital assets over email, could take it on a USB drive, or could
upload on cloud storage and could further use it for unethical practices. The critical concerns related to
these data leakage, data loss, and data thefts, can also affect the IT infrastructure as well as distress
organizations on competitive grounds.
BLACKbox separates enterprise data in data-tight ways, during the sessions of accessing enterprise data.
The technology further implements all data leakage and theft prevention policies on USB, emails, and
internet through laptops.
This ensures that employees can use enterprise data while the organization is not worried about data
loss, theft, or leakage. In addition, all restrictions are automatically separated when the staff
uses personal data.
BLACKbox works and is immensely useful when the enterprise allows devices on BYOD foundations where
employees are assured of free use of individual sessions without any monitoring and restricted use of
enterprise based session courses. Also, this works very well under all tracking, monitoring as well as
comprehensively facilitated organization policies.
BLACKbox product even minimizes the client’s infrastructure investments and offers superior technical
performance with high levels of data security effectiveness.
Solution Results:
BLACKbox technology continues to assist the enterprise clients with Data Leakage Prevention through
USB, Email Attachment, and Internet Sessions while accessing Laptops and other devices used in the
scenarios of BYOD and work from home.
BLACKbox software connects to the BLACKbox data center and takes a backup of selected data on servers
regularly with versioning. In case a server is crashed or infected, the enterprise can recover data from the
data center. In case a server is infected by ransomware, the enterprise gets previous versions of data to
minimize down time.
The admin role at the enterprise can check the data backup on a single screen for all the servers, can restore
selected data for a designated user / application, and can go back to a previous version of a specific data
file for a designated laptop.
Glossary – BLACK Box Prime Server
Backup: Protection of important data by making one or more duplicate (redundant) copies of the
original at frequent intervals. These copies are stored at different (preferably off-site) locations
(either on other computers via internet or on storage media such as disk, tape, CDs) to minimize
the chance of loss by accident, mistake, or sabotage.
BCC: Abbreviation of Blind Carbon Copy. BCC is a copy of a mail to another person in addition
to the addressee, without showing on the original letter that a copy was sent to someone else.
Domain Name Service: Distributed database that translates domain names such as 'yahoo.com'
(which is easier to remember) into its unique four-part Internet Protocol (IP) address
(204.71.200.74).
Enterprise: Entire business group or corporation comprising all local and international main
and sub offices, divisions, subsidiaries, and departments.
FTP: Abbreviation of File Transfer Protocol. Method of transferring data files from one
computer to another over a network. The most basic way of sending and receiving files over
internet, FTP divides files into several segments and assigns a reference number to each one.
These segments are transmitted in a sequence which the receiving computer reassembles as an
exact copy of the original. FTP also performs automatic error detection and correction in file
transfers. There are hundreds of thousands of FTP files over the internet that can be freely
downloaded. See also anonymous FTP and FTP site.
Gateway: Hardware/software device (such as a router) that connects and transfers data between
two networks employing different communications protocols.
GUI: Abbreviation of Graphical User Interface. Software that works at the point of contact
(interface) between a computer and its user, and which employs graphic elements (dialog boxes,
icons, menus, scroll bars) instead of text characters to let the user give commands to the
computer or to manipulate what is on the screen. GUI elements are usually accessed through a
pointing device such as a mouse, pen, or stylus. All programs running under a GUI use a
consistent set of graphical elements so that once the user learns a particular interface, he or she
can use all programs without learning additional or new commands. Pioneered by Xerox and
developed by Apple computers, GUI is now employed by all modern operating systems and
application programs.
HTML: Abbreviation of Hypertext Markup Language. Standard text based computer language
for creating electronic (hypertext) documents for the web or offline uses. Being a 'markup'
language, the value of HTML lies not so much in designing a visual structure (fonts, line
spacing, layout, etc.) of an electronic document but in formulating its logical structure. The
logical structure permits 'intelligent' information processing that is a prerequisite for the
information's organization, indexation, communication, and discovery on the web. HTML
supports inclusion of audio, video, and animation into an electronic document through helper
software such as ActiveX, Java applets, Quick-Time. See also Extensible Markup Language.
HTTP: Abbreviation of Hypertext Transfer Protocol - standard procedures which all computers
(whether clients or servers) connected to the web employ to communicate with each other over
the internet. HTTP consists of a set of rules for speedy retrieval and transmission of electronic
documents written in HTML (Hypertext Markup Language).
IMAP: Abbreviation of Internet Message Access Protocol. A protocol that allows a user to
perform certain electronic mail functions on a remote server rather than on a local computer.
Through IMAP the user can create, delete, or rename mailboxes; get new messages; delete
messages; and perform search functions on mail. A separate protocol is required for sending mail.
Also called Internet Mail Access Protocol.
Internet Service Provider: Large-scale provider of internet connections, ISPs usually are the
telephone companies who lease bulk Internet connections to internet access providers and
information utilities, who in turn rent them to individual customers.
Internet: Called the 'information superhighway' and the 'network of networks,' it is basically a
means of connecting a computer to any other computer anywhere in the world.
IP Address: Unique 32-bit long code number which each computer acquires automatically
through its internet access provider (IAP) for connecting to the internet. This address is in
'a.b.c.d' format where each letter (separated by a period) is a number with value from 0 to 255.
However, every computer connected to the internet also has a domain name (consisting of a
maximum of 20 alphanumeric characters) which is easier to remember than its associated IP
address. Specialized computers (called 'domain name servers') translate the domain names into
their corresponding IP addresses so that the recipient (target) computers can be located and the
data is correctly routed. Also called web address.
Local Area Network: User owned and operated short-distance cable and/or wireless-based data
communication system that interconnects one or more servers with several client computers and
peripheral devices (modems, printers, scanners, etc.) scattered across a room, building, or a
cluster of buildings. Two major LAN standards are Ethernet and Token Ring.
MAC Address: MAC addresses are most often assigned by the manufacturer of a network
interface card (NIC) and are stored in its hardware, the card's read-only memory, or some other
firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the
manufacturer's registered identification number and may be referred to as the burned-in address.
It may also be known as an Ethernet hardware address (EHA), hardware address or physical
address.
Mail/Email: Almost instantaneous transfer of text, voice, and/or video messages from one
computer or device to another, typically (but not necessarily) over the internet.
Malware: Software code (such as a virus) designed to surreptitiously invade a computer system
and perform some unauthorized or destructive action.
Organization: A social unit of people systematically structured and managed to meet a need or
to pursue collective goals on a continuing basis. All organizations have a management structure
that determines relationships between functions and positions, and subdivides and delegates roles,
responsibilities, and authority to carry out defined tasks. Organizations are open systems in that
they affect and are affected by the environment beyond their boundaries.
POP: Abbreviation of Post Office Protocol. A protocol used to retrieve e-mail from a mail server.
Port Number: Each TCP/IP application program has unique port numbers associated with it.
The port number identifies the logical communications channel that is to be used by this
application. Some protocols use a well-known port (for example, HTTP uses port 80) though
this too can be configurable. Port numbers are always used in conjunction with IP addresses
when establishing connections to host computers. The host computer may be running both an
HTTP server and an FTP server. If you're connecting to the host computer using a web browser,
you'll want to connect to the HTTP server and not the FTP server. Since HTTP servers usually
listen on port number 80, and FTP servers usually listen on port number 21, the web browser will
connect to the correct server on the www.mysite.com computer if it connects to port 80.
Protocol: Set of agreed upon, and openly published and distributed, standards that enables
different firms to manufacture compatible devices to the same specifications. All devices made
under the same protocol work with one another without any adjustment or modification.
Return On Investment: Earning power of assets measured as the ratio of the net income (profit
less depreciation) to the average capital employed (or equity capital) in a firm or project.
Expressed usually as a percentage, it is a measure of the profitability which (while not taking the
time value of money into account) indicates whether or not a firm is using its resources in an
efficient manner. For example, if the ROI of a firm (in the long run) is lower than its cost-of-
capital then the firm will be better off by liquidating its assets and depositing the proceeds in a
bank. ROI is also called rate of return, or yield.
SMTP: Abbreviation of Simple Mail Transfer Protocol. A protocol for sending e-mail messages
between servers. Most e-mail systems that send mail over the Internet use SMTP to send
messages from one server to another.
Spam: Mass mailing over the internet by sending promotional messages to practically everyone
whose email address is known, without asking for anyone's permission.
SQL Server Express is a powerful and reliable data management product that delivers rich
features, data protection, and performance for embedded application clients, light Web
applications, and local data stores.
Thread: By default, a process has one thread, the main thread. If a process has multiple threads,
the main thread is the first thread in the process. A user process can use the POSIX thread API to
create other user threads.
UDP: Abbreviation of User Datagram Protocol. The User Datagram Protocol (UDP) is one of the
core members of the Internet Protocol Suite, the set of network protocols used for the Internet.
With UDP, computer applications can send messages, in this case referred to as datagrams, to
other hosts on an Internet Protocol (IP) network without requiring prior communications to set
up special transmission channels or data paths.
Unique Selling Proposition: Real or perceived benefit of a good or service that differentiates it
from the competing brands and gives its buyer a logical reason to prefer it over other brands.
USP is often a critical component of a promotional theme around which an advertising campaign
is built.
URL: Abbreviation of Uniform Resource Locator, the global address of documents and other
resources on the World Wide Web.
User: Entity that has authority to use an application, equipment, facility, process, or system, or
one who consumes or employs a good or service to obtain a benefit or to solve a problem, and
who may or may not be the actual purchaser of the item.
Virus: Often referred to as computer virus. Small but insidious piece of programming-code that
attacks computer and network systems through 'contaminated' (infected) data files, introduced
into a system via disks or internet. As a digital equivalent of biological microorganisms, it
attaches itself to the target computer's operating system or other programs, and automatically
replicates itself to spread to other computers or networks. Invented in 1960s as a prank, viruses
come in thousands of types and versions with new ones being invented every day, each requiring
a different cure (see antivirus and vaccine). While a few viruses are harmless diversions, most
are malicious and cause widespread and severe damage and may bring down entire
communication-networks or websites. Some are immediately active, others remain latent for
weeks or months, or work slowly to avoid detection and cause destruction over long periods.
Propagation of computer viruses is a serious crime in many countries. See also Trojan horse, and
worm.
Webpage: Electronic (digital) document created with HTML and, therefore, accessible with a
browser. In addition to text and graphics, WebPages may also contain downloadable data files,
audio and video files, and hyperlinks to other pages or sites. A website is usually a collection of
WebPages.
Wide Area Network: Data and voice communication network that extends beyond the
geographical limitations of a local area network (LAN). In a typical configuration, a WAN
consists of several LANs at dispersed locations interconnected via gateways over leased or
dedicated telephone and/or wireless links. Airline- and hotel reservation services comprise of
WANs, and the internet is the world's largest WAN. Intranets, extranets, and virtual private
networks are all WANs simulated over internet connections.
Wizard: A utility within an application that helps you use the application to perform a particular
task. For example, a "letter wizard" within a word processing application would lead you through
the steps of producing different types of correspondence.
World Wide Web (WWW): Collection of internet resources (such as FTP, telnet, Usenet),
hyperlinked text, audio, and video files, and remote sites that can be accessed and searched by
browsers based on standards such as HTTP and TCP/IP. Also called the web, it was created in
1989 by the UK physicist Tim Berners-Lee while working at the European Particle Physics
Laboratory (called CERN after its French initials Conseil Europeen de Reserches Nucleaires) in
Switzerland, as an easier way to access information scattered across the internet.