Mimecast Web Security: Configuring a Policy

Document created by user.oxriBaJeN4 Employee on Aug 6, 2018Last modified by user.oxriBaJeN4 Employee on Feb 20, 2019
Version 37Show Document
  • View in full screen mode

Mimecast Web Security policies define the rules applied to user activity in an organization's environment, at the server level or front line layer of the web. A multi-layer security approach can be taken, where administrators have the flexibility to:

  • Define specific domains that should be blocked or allowed.
  • Define the site categories that should be blocked from user access.
  • Select whether a policy applies to everyone in your organization, or to a specific user or group.
  • Select whether a policy applies to a specific location.

 

Configuring a Mimecast Web Security Policy

 

To configure a Mimecast Web Security policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Select the Web Security | Policies menu item. A list of policies is displayed.
  4. Click on the Create New Policy button.
  5. Complete the Policy Details dialog as follows:
    Field / OptionDescription
    NameEnter a name for the policy.
    TypeSelect one of the following policy types:
    • URL Filtering: Allows you to specify whether to block or allow access to one or more domain / URLs. This policy type overrides all other web security policies.
    • Category Filtering: Allows you to block domains / URLs based on their category (e.g. adult, NSFW). If a category is allowed, further block rules can still apply from other policies.
    • Targeted Threat Protection: Allows you to utilize the managed URLs and advanced similarity checks in the URL Protection product. This policy type is only visible if the URL Protection package is enabled for your account. View the URL Protection Definitions and Policies page for more information.
      If your managed URLs list contains both URLs and domains and you wish to filter both, you must have an Advanced Security policy with the Web Proxy option enabled for those targets.
    • Advanced Security: Allows you to configure advanced options (e.g. SafeSearch, Web Proxies).
    A URL Filtering policy takes precedence over any TTP managed URL. For example, if <domain>.com is in your managed URL list, but blocked in a URL Filtering policy, access to the domain is blocked.
  6. Click on the Next button.
  7. Configure the Settings for the selected policy type. Refer to the "configuring" sections below for further instructions.
    • URL Filtering
    • Category Filtering
    • Targeted Threat Protection
    • Advanced Security
  8. Click on the Next button.
  9. Select who the policy applies to:
    You can add multiple locations, users, and groups to a single policy, making it easier to configure and manage your Web Security policies.
    • Everyone: The policy applies to all users in your organization.
    • Location: The policy applies to all users defined in a location. See the Mimecast Web Security: Configuring Locations page for further details.
      1. Click on the Select Location button.
      2. Select a Location from the list, or use the search tool to find one.
    • Group: The policy applies to a group of users.
      1. Click on the Select Group button.
      2. Select a group from the Active Directory Groups or Local Groups tab.
    • User: The policy applies to an individual user:
      1. Click on the Select User button.
      2. Select the User from the list displayed, or use the search tool to find them.
  10. Click on the Next button.
  11. Review the Summary displayed to ensure all details are correct.
  12. Click on the Create Policy button. The new policy is displayed.

 

Configuring a URL Filtering Policy

 

To configure a URL Filtering policy, you've the option of blocking / allowing access to:

  • Individual domains / URLs by manually entering them.
  • Multiple domains / URLs by importing a CSV file.
    If your URL Filtering policy contains URLs, you must have an Advanced Security policy with the "Web Proxy" option enabled for those targets.

Domain FilteringBlocking / Allowing Individual Domains / URLs 

 

To block or allow access to individual domains / URLs:

  1. Select either the Block or Allow option.
  2. Enter the Domain / URL in the field (e.g. company.com). See the Mimecast Web Security: URL Filtering Policy Rules / Examples  page for further details.
  3. Click on either the Block or Allow button. The domain / URL is added to the domain / URL block / allow list.
    Click on the Trash Can Icon to remove a domain / URL from the block / allow list.
  4. Continue to Step 8 of the "Configuring Mimecast Web Security Policies" section above.

 

Blocking / Allowing Multiple Domains /URLs

 

To block or allow access to multiple domains / URLs:

  1. Import DomainsClick on the Upload a CSV File link. A popup dialog is displayed.
  2. Click on the Download button. The CSV file is downloaded to your browser's download location.
    1. Delete the first line of the template and enter:
    2. Save the .CSV file.
    3. Return to the dialog and click on the Upload button.
    4. Click on the Import button.
      5000 is the maximum number of entries that can be uploaded in the .CSV file.
  3. Continue to Step 8 of the "Configuring Mimecast Web Security Policies" section above.

 

Configuring Exceptions and Top Level Domains

 

TLDsYou can allow / block top-level domains (TLDs) in a URL filtering policy. This offers you granular control to allow / block a sub-domain under the same TLD. For example, you can block the TLD "cn" by adding it to the block list but allow the subdomain "thepaper.cn", and vice versa.

TLDs are accepted without punctuation (i.e. you don't need to include a period symbol prior to the TLD.)

If there are applications that all users should have access to (e.g. Dropbox, Slack) we recommend adding the domains to your exceptions list, as this overrides all other policies. View the Mimecast Web Security: Managing Exceptions page for more information.

 

Configuring a Category Filtering Policy

If a category is allowed, further block rules may still apply from other policies.

To configure a category filtering policy:

  1. Select the categories to block or allow from the table below. You can opt to:
    • Allow All: Allows users to access all domains in the category group.
    • Block All: Blocks users from access to all domains in the category group.
    • Custom: Allows you to allow or block subcategories in the main category group.
  2. Select Allow / Block from the drop down menu next to each subcategory.
    See the Mimecast Web Security: Policy Categories  page for a full list of the categories and subcategories, complete with a description.
  3. Continue to Step 8 of the "Configuring Mimecast Web Security Policies" section above.

 

Configuring a Targeted Threat Protection Policy

 

To configure a targeted threat protection policy:

  1. If required, block access to the URLs and domains in your managed URLs list:
    1. Click on the View Your Managed URLs link to view your managed URLs and domains.
    2. Click on the URLs and Domains From Your Managed URLs List Will be Blocked option to enable it.
  2. Click on the Next button.
  3. TTP Policy Advanced Similarity ChecksIf required, configure the checks used to detect the use of special characters that look like other characters in the domain.
    This checks DNS requests against both Mimecast’s managed domain lists, and your custom monitored internal and external domains.
    1. Click on the Custom Monitored External Domains link to view your custom external domain list. See the Targeted Threat Protection: Custom Monitored External Domains page for further information.
    2. Click on the Advanced Similarity Check option.
    3. Select from one of the following Action options:
      • Block: Blocks the user from accessing the link and displays a block page.
      • Warn: Displays a warning page to the user, allowing them to access the link if they choose.
  4. Continue to Step 8 of the "Configuring Mimecast Web Security Policies" section above.

 

Configuring an Advanced Security Policy

 

Safe SearchTo configure an advanced security policy:

  1. If required, toggle the SafeSearch setting on for one or more of the listed sites.
    When SafeSearch is enabled, it helps block explicit images, videos, and websites from search results. While SafeSearch isn’t 100% accurate, it can help your organization avoid explicit and inappropriate search results on user's phones, tablets, and computers.
  2. Click on the Next button.
  3. Optionally toggle on the Newly Observed Domains setting to block newly observed domains that might be malicious.
  4. Click on the Next button.
  5. Configure the Web Proxy settings:
    SettingDescription
    Web ProxyToggle this setting to enable proxying of suspicious sites. This allows SSL inspection, URL categorization, and antivirus scanning.
    This option must be enabled to display the Antivirus Scanning setting below.
    Antivirus ScanningToggle this setting to enable / disable antivirus scanning. If enabled, proxied traffic is scanned for malware.
    This option must be enabled to display the Unscannable Content setting below.
    Unscannable ContentSelect to Block or Allow files which cannot be scanned due to encryption or corruption.
  6. Continue to Step 8 of the "Configuring Mimecast Web Security Policies" section above.

 

Changing a Mimecast Web Security Policy

Depending on the changes you want to make, you may find it easier to copy the existing policy. See the "Copying a Mimecast Security Policy section below for full details.

Changing a PolicyTo change a policy:

  1. Either:
    • Click on a Policy from the policy list, and click on the Edit button in the sliding panel.
    • Click on the Menu Icon icon to the right of a listed policy, and select the Edit menu item.
  2. Click on the tabs on the left hand side to switch between the policy sections, making any changes as you go.
    The tabs displayed vary depending on the policy type selected.
  3. Click on the Save & Close button.

 

Copying a Mimecast Security Policy

 

You can copy an existing policy. This leaves the original policy intact, and creates another that you can change:

  1. Either:
    • Click on a Policy from the policy list, and click on the Duplicate button in the sliding panel.
    • Click on the Menu Icon icon to the right of a listed policy, and select the Duplicate menu item.
  2. Change the Policy Name. By default the name is "Copy of XXXXXX", where XXXXXX is the name of the original policy.
  3. Click on the tabs on the left hand side to switch between the policy sections, making any changes as you go.
    The tabs displayed vary depending on the policy type selected.
  4. Click on the Save & Close button.

 

Deleting a Mimecast Web Security Policy

 

Delete PolicyTo delete a policy:

  1. Either:
    • Click on a Policy from the policy list, and click on the Delete button in the sliding panel.
    • Click on the Menu Icon icon to the right of a listed policy, and select the Delete menu item.
  2. Click on the Delete button to confirm the policy's deletion.

 

See Also...

 

1 person found this helpful

Attachments

    Outcomes