MessageLabs FAQ - Web Security Services

It is inevitable that there is some time involved in processing this sort of handling of web traffic, but in practical terms there will be little or no discernible delay in your web browsing caused by the use of the MessageLabs Web Security Services v2. The use of regional Web Security Services servers, combined with the global load balancing techniques in use, ensure that web traffic is appropriately sent to a server that can deal with the requests made to it promptly.

When access is denied to a website for any reason, an alert page is normally displayed in the user’s web browser – this can be set up as required, for example with details about what has happened and what the user should do next. See [window u>User alerts] for further details.

Once the redirection to the Web Security Services proxy service on port 3128 has been set up and fully tested, port 80 should be blocked on the gateway firewall device. This will ensure that all outgoing web traffic can only go via the MessageLabs Web Security Services v2. This is especially important if the users’ web browser proxy settings cannot be locked down. It forces the users to keep the proxy settings in place if they want to be able to surf the net. This is also important in the case of a mixed environment where both PC and Mac users are being configured. The PC users can have their settings locked down but the Mac users cannot be restricted in this way, so locking down port 80 on the firewall is essential.

The way in which the MessageLabs Web Security Services v2 can limit access to categorised sites means that you could limit access by category to (for example) Kids, Education, News, and block access to any other sites. If you want to be ultra cautious, we have provided the category of "Unclassified" which you could use to block anything that we cannot assign a category to – thus avoiding problems caused by missing any brand new sites which are not in the categories database yet.

There are two levels of protection. You could:

• Block access to all Webmail sites by category; or
  
• If the Webmail site does not use SSL, you could permit it, knowing that items downloaded via HTTP to the client PC are checked for malware and spyware.

No – the way P2P networks operate is by using their default ports (e.g. 1214) and various other ports, including port 80 (used for normal HTTP web traffic), to try and bypass firewall protection. Several firewalls, including the built-in Windows XP SP2 firewall, may be able to successfully block P2P traffic under certain circumstances – please see your firewall vendor’s documentation for details.

No – any URLs entered under the Specific URLs tab must be entered in percent-encoded format (if applicable – most URLs do not include these characters). Similarly any URLs reported in the detailed or audit reports will be in percent-encoded format.

Changes are typically applied within one hour – on average the time will be around five minutes, and normally will not be more than fifteen minutes.

All MessageLabs services are based on a per user, per month subscription, plus a one-off minimal set-up fee.

You simply pay a fixed monthly cost based on the number of users connected. Each service can be purchased separately or you can bundle multiple services to provide complete security protection.

All pricing quotes are individually tailored for each client’s specific requirements and MessageLabs offers discounts for both scale and multiple services.

To find out more, speak with a sales consultant.