Choose from several options for complete web, email and data security.
Learn more
Evaluate Websense products by watching demos and installing evaluation software.
Learn how Websense solutions help keep our customer safe, secure and productive
Get information on product updates, support resources and more.
Get the most out of support in five simple steps.
Find tools and assets to help sell Websense solutions.
Come work for the global leader in unified information security. Go
Hello,
We are implementing Hosted Web Security, and installed Web End point on user PCs to enforce browser to go through Host Web Security.
My question is that, is there any way I define HWS or set up Web End Point in such a way that if user access from unknown (not defined) proxy address, then give full access to the INTERNET.
Because we don't want to restrict the Internet access to the users(laptop users) when they access from out of the office network(from home or whatever place).
What happens is that, when laptop users access to the Internet from out of office network, HWS ask them to authenticate( to log-in), once they logged in using email addr and password, same company defined policy applies to them and they can't access to the every site, which we don't want it happen to them.
I'm sorry I don't have any experience with hosted installs, but I'm curious as to why would you want to do that? If anything wouldn't you MORE want them restricted when they're not in the office because now they're no longer protected by your firewall, IDS/IPS, etc? You have no idea the security of the network they're on or what else is there. If they get infected outside of the office because you disabled filtering they'll just bring it onto your network later and possibly spread.
It's kind of like saying you want to use protection with your wife but not with the girls you pick up at bars on the weekends when she's out of town...
At the moment you cannot do differentiated policies for the same user - one policy for off-network, a separate policy for on-network. My understanding is that this functionality is in development.
I would concur with Glitch that you do NOT want to have a completely open policy - even for off-network. I'm quite certain you'd want to block access to sites in the security categories (e.g., botnetworks, keyloggers, malicious web sites, dynamic DNS, etc.). However, I can see why you might want to open things up a bit (e.g., permit access to internet radio/TV or streaming media) in cases where it isn't your company's bandwidth the user is sucking up...
The reason behind is that users in office are blocked to access to the social networking sites like Facebook and Youtube.
Imagine the situation like, your employee is on vacation or on day off, but you can't block them to use their laptop and access to the social networking site, Facebook and Youtube.
I wonder what solution would you recommend for the situations like that.
@Denee,
You are right. It would be nice if HWS can define different policy for the same user, like on-network and off-network.
It is unreasonable to block the user to access to the bandwidth intensive or social networking sites from their home or outside of office network.
Is there any way to deal with this situation? For desktop PCs are fine, because they are not moving out of office network, The problem is with laptops.
What would I do? I wouldn't be allowing employees to use company equipment for personal use. If they want to visit those sites when they're not working then they should be using a personal computer. Company assets should only be used for company business.
That aside, if you were using a PAC file to connect them to the HWS you could configure it to work or not work depending on the source IP it was on... but Websense in general doesn't have the ability to define a different policy for a user based on their physical location. You could do it based on time of day though... but that won't account for vacation days, just off hours.
At the moment no.... The only way to do it - and trust me, you won't want to go there - is for users to have separate logon accounts for home use vs in the office use. See? I told you you wouldn't want to go there...
I'd suggest you speak with the cloud security product manager regarding this type of feature. He can advise you on what may be coming in future releases. Your account manager can put you in touch with the product manager.
