Sonar 3.5.3
Release Notes
December 2015
Copyright 2015 @ Blue Reef Pty Ltd. All rights reserved. This document is for informational purposes only. Blue Reef Pty Ltd assumes no responsibility for the accuracy or completeness of the information. To the extent permitted by applicable law, Blue Reef provides this document "as is" without warranty of any kind, including, without limitation, any implied warranties or merchantability, fitness for a particular purpose or non-infringement. In no event will Blue Reef be liable for any loss or damage, direct or indirect, from the use of this document, including, without limitation, lost profits, business interruption, goodwill or lost data.
Sonar 3.5.3 Release Notes
Before You Start
Requirements
Sonar 3.5.3 New Features and Enhancements
Ethical SSL Solution
Transparent Proxy
Upstream Cache Tunnelling
Ethical SSL Inspection
SSL On-boarding
Transitive Trust
HTTP Header Control
Acceptable Use Policy (AUP) Acceptance Expiry
SMTP TLS
Reporting Enhancements
YouTube Reports
Search Engine Reports
Category Reports
Resolved Issues
Block Page URL Issue
Domain Authentication Monitor
Foreign Language in URL causing Null Pointer exceptions
SMTP Profile/Server changes not applying
Database Pool Size Maxing Out
Before You Start
Before you install the latest version of Sonar, it is recommended that you read the
release notes and pay particular attention to sections marked by the following icon:
which indicates important setup / configuration information as well as any additional
notes or further explanation.
Requirements
Your current Sonar version must be at least 3.5.0 before you can update to Sonar
3.5.3. If you are using an earlier version, please contact our support team about your
options.
Checking your Sonar Version
The first three version numbers are displayed in the title bar of the Sonar management
console.
To view the release version:
Log in to the Sonar management console and check the version number (as per below).
It is important to note that you must be running at least Java 7 in order to run both the Admin GUI and the Java Authentication Client. Any versions previous to this may experience some unexpected issues.
Sonar 3.5.3 New Features and Enhancements
Ethical SSL Solution
Sonar v3.5.3 features an Ethical SSL Solution specifically designed for schools who
understand that it’s part of their Duty of Care to teach students to use the internet
responsibly, and ultimately guide them on their journey to becoming good digital
citizens.
With this in mind, Sonar v3.5.3 introduces two key components - A fully transparent
HTTPS Proxy, and Ethical SSL Inspection. In addition to these, other key
enhancements have been made to help facilitate the solution. A brief overview is given
below, with detailed explanations of each on the following pages.
Improvements have been made to Sonar’s Transparent Proxy, now allowing
transparency for HTTPS as well as HTTP, without the need for SSL Inspection. As
such, Users no longer require any explicitly set proxy settings and all devices
(including those that are BYOD) are compatible.
Sonar can now perform Ethical SSL Inspection, giving the school granular control over
HTTPS sites whilst still maintaining an acceptable level of User privacy. In addition to
content inspection and re-writes, SSL Inspection also allows Sonar to run in-depth
reports on User activity.
As part of its Ethical SSL Solution, Sonar has introduced a seamless on-boarding
process, which allows BYOD devices to be guided through Acceptable Usage Policies
and be configured for SSL Inspection without the need for IT Support.
Sonar also introduces HTTP Header Control, which ensures that only safe content is
served from YouTube, Google, Bing and similar content-controlled sites. This allows
for greater control over access to Google Apps, allowing Users to only log in using
their email registered with the school and/or organisation.
The next pages will explain in detail the extent of these new features, and how they
can help your school.
Transparent Proxy
With v3.5.3, Sonar utilises the HTTPS/TLS Server Name Indication (SNI) header to
Transparently Proxy HTTPS without the need for SSL Decryption. The Transparent
Proxy also works seamlessly behind a Department or CEO Proxy, and BYOD Devices
do not require any additional configuration to work.
Previously, Blue Reef encouraged the use of WPAD or Proxy PAC files to take
advantage of Sonar’s Proxy capabilities. These required hosting a file on a local
server and configuring a DNS Record for WPAD.
Sonar’s Transparent Proxy no longer requires any extra configuration to be done
outside the Sonar device itself, providing a more unified, application-aware Proxy that
is compatible with all devices and services.
Upstream Cache Tunnelling
Sonar is now Application Aware! Sonar will detect and process non-Proxy aware
applications even if your school is behind an upstream proxy (such as CEO or
VicSmart). For example Skype’s iOS App does not detect nor support any Proxy
Settings but works seamlessly with Sonar’s Upstream Cache Tunnelling in place.
There is no required configuration to enable Upstream Cache Tunnelling. With the
upgrade to v3.5.3 it will be available to use out of the box.
Ethical SSL Inspection
In addition to the Transparent Proxy, v3.5.3 introduces Ethical SSL Inspection and
Decryption. This provides three levels of Inspection:
Light – limited to Search Engines and Anonymous Proxies.
Medium – limited to Search Engines, Anonymous Proxies, Webmail, Chat and Social Networking.
Heavy – Inspects all encrypted HTTPS traffic except Banking and Finance.
These three levels only provide a template of the type of traffic you want to inspect
within each Group on Sonar. Once configured, you can freely add or remove Filtering
Categories that you want to inspect, just like you would with Filtering Exceptions or
Block lists.
It is important to note that Sonar’s Ethical SSL Inspection does not have to be enabled to Transparently Proxy HTTPS Traffic. This feature is fully optional, and can be enabled, controlled, and maintained at a Group level.
SSL On-boarding
It’s a known fact that the use of SSL Inspection requires a Certificate to be installed on
the client device. While in a Windows Environment this can be easily achieved with
Group Policy, it is rarely as easy with BYOD Devices and other Operating Systems,
especially if the user is unfamiliar with the process.
Sonar’s On-boarding process is able to detect what device and operating system is
being used, and provides guided, easy-to-follow instructions on how to install the
Certificate on their device, without them having to contact IT Support.
Below is what a user will see if On-boarding is enabled in their Group Settings. Users
can choose to run an automatic installer to install the Certificates or do it manually.
BYOD handheld devices (such as iPhones or Android phones) however will have to
install the Certificate manually:
It is important to note that for the On-boarding instructions to appear, the initial page opened must be an HTTP site, as without the Certificates, we cannot redirect HTTPS to HTTP.
Transitive Trust
Sonar now has the ability to identify and block fraudulent sites with the Transitive Trust
feature.
What is Transitive Trust? Every HTTPS site you visit is usually signed and verified
with a valid SSL Certificate issued by a trusted party (usually a trusted root Certificate
Authority, or CA). If a site does not have a valid SSL Certificate, your browser normally
notifies you to let you know that the site is “untrusted” and may be harmful.
With Transitive Trust, Sonar is now able to verify the CA for the browser, and block
access to the fraudulent site to prevent any harmful activity from occurring.
The option to block or allow unsafe SSL Sites is configurable in Sonar’s Proxy Settings. Allowing access to unsafe sites will simply trigger the default browser warning for the user. Transitive Trust is a global setting, and cannot be configured per-group.
HTTP Header Control
With the introduction of SSL Inspection, Sonar gives you the power to ensure safer
content delivery across all major search engines and video streaming sites.
Due to Google and YouTube defaulting to SSL in the past, enforcing safe search with
Sonar was a difficult task. Now, not only can Sonar guarantee safe content, it also
gives Administrators complete control over other web-based services such as Google
Apps, as well as Cookie control.
Some schools utilise Google Apps for work. This commonly means that they have to
open access to all Google services, thus allowing users to log into their personal
accounts as well. With HTTP Header Control, Sonar can now explicitly allow users to
log in only with their school account, and block all access to personal accounts. In the
example below, we restrict users to only allow them to log into their email accounts
that have the @bluereef.com.au domain. All other domains such as @gmail.com will
be blocked:
Safe Search Rewrites will once again work for all major browsing engines such as
Google, Bing and Yahoo. YouTube for Education will also be configurable. This can
be achieved by placing in the Header for YouTube, and the Education filter value they
provide you, as per the example below. This means any search request that a User
issues will only return results relating to YouTube Education:
Cookie Manipulation
You can also deny logins altogether, using Cookie Manipulation. By leveraging this
technique, Sonar can grant access to sites such as YouTube, but prevent users from
signing into their personal accounts to access or upload other content.
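The Google Apps account restriction described in this section, as an added sketch of the header rewrite an inspecting proxy performs on a decrypted request (not Sonar's code or configuration). `X-GoogApps-Allowed-Domains` is the request header Google documents for restricting sign-in to listed domains; the function names, the host suffix list and the sample requests are assumptions made for illustration.

```python
HEADER = "X-GoogApps-Allowed-Domains"   # Google's documented sign-in restriction header
ALLOWED = ["bluereef.com.au"]           # the domain used in the page's example
APPLY_TO = ("google.com",)              # assumption: host suffixes covered by the policy

def host_in(host, suffixes):
    """Match on a label boundary so 'evilgoogle.com' is not treated as 'google.com'."""
    host = host.split(":")[0].lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def rewrite_request(head: bytes) -> bytes:
    """Rewrite the header block of one decrypted HTTP/1.1 request."""
    lines = head.decode("iso-8859-1").split("\r\n\r\n")[0].split("\r\n")
    request_line, fields = lines[0], lines[1:]
    host, kept = "", []
    for field in fields:
        name, _, value = field.partition(":")
        name = name.strip().lower()
        if name == "host":
            host = value.strip()
        if name == HEADER.lower():
            continue                    # never forward a copy supplied by the client
        kept.append(field)
    if host_in(host, APPLY_TO):
        kept.append(f"{HEADER}: {','.join(ALLOWED)}")
    return ("\r\n".join([request_line] + kept) + "\r\n\r\n").encode("iso-8859-1")

# Constructed sample requests (not captured traffic).
SIGN_IN = (b"GET /ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\n"
           b"x-googapps-allowed-domains: gmail.com\r\n\r\n")
LOOKALIKE = b"GET / HTTP/1.1\r\nHost: evilgoogle.com\r\n\r\n"

if __name__ == "__main__":
    print(rewrite_request(SIGN_IN).decode())
    print(rewrite_request(LOOKALIKE).decode())
```

The rewrite is only possible on traffic the proxy has decrypted, which is why the page ties this feature to SSL Inspection.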
Acceptable Use Policy (AUP) Acceptance Expiry
Previously, Sonar’s AUP functionality was quite restricted. You could only set the AUP
to appear on either a User’s initial login, or every time a user logs in.
Modifications have now been made to Sonar’s existing AUP system. The Acceptable
Use Policy is now able to be reset Daily, Weekly, Monthly or Yearly, in addition to the
First Logon and Every Logon options that were previously available.
SMTP TLS
Updates have been made to Sonar’s SMTP Mail Engine allowing it to use TLS by
importing a certificate. This will ensure that mail configurations such as hybrid Office
365 setups are able to pass mail in and out of Sonar’s Mail Engine for SPAM filtering
and Heuristic Checks.
Reporting Enhancements
There have been further enhancements made to Sonar’s reporting system, including
the addition of several new reports that can identify potential behavioural problems
and self-harm within the school and/or organisation.
YouTube Reports
Three brand new, detailed reports have been added to the Sonar Reporting Family.
Previously, due to Google and YouTube encrypting their traffic, running reports on
what students were searching for on Google and YouTube during school hours was
impossible.
However, leveraging SSL Inspection, Sonar can now thoroughly report on all traffic
going through Google and YouTube, and effectively run detailed reports on where
students are going and the content for which they are searching.
Below is an example report of a User’s browsing and search queries through
YouTube, and the videos they have viewed:
Search Engine Reports
In addition to YouTube Reports, Sonar can run reports on Google search queries.
Google search reports can also be refined with the use of keywords and expressions.
The report below is an example of a report run on Google, using keywords relating to
self-harm.
Category Reports
The last report we’ve added to Sonar is the ability to run reports on Categories.
Previously, Sonar could run User reports to display which websites a User was
visiting, but could not run a report on a User for visits to a site under a single Category
(for example, a User going to websites categorised as “Nudity”). In the example below,
we have run a report on a User with the Category tag “News” to see all the News-
related websites they have visited:
Resolved Issues
Block Page URL Issue
Sonar had an issue where users could appear to change the Category of a website
displayed on the Block Page by editing the URL. This is no longer the case, as the
Block Page redirect link will now be a default URL.
Domain Authentication Monitor
Previously, when a Domain Controller with the AD Passthrough Agent installed was
rebooted, administrators had to go into Sonar’s GUI under Network
Authentication Servers Domain Authentication Monitor and re-enable the Monitor
manually for Active Directory logins to be successfully passed through Sonar. This has
now been changed to be a configurable task. You can enable either Automatic or
Manual Enablement in Sonar’s Proxy settings in the GUI.
Foreign Language in URL causing Null Pointer exceptions
It was discovered in Sonar v3.5.2 that if a foreign language character was entered into
a URL, for example, via a search query in Google or Bing, a Null Pointer Exception
would be thrown in Sonar’s Proxy. This has now been resolved.
SMTP Profile/Server changes not applying
There was previously an issue with Sonar’s SMTP service not properly applying profile
or server configuration changes when hitting “Apply” in the GUI. A full restart of the
SMTP engine was required to make any changes active. This has now been resolved
and hitting “Apply” within the GUI will now apply changes immediately.
Database Pool Size Maxing Out
There was an issue in Sonar v3.5.2 where Database connection pools were reaching
their limits, which resulted in browsing issues for Users. This has now been resolved.