In addition to configuring how threats are handled, a policy is also where your organization controls access to websites and web applications. SIA includes categories for websites that you can block within an enterprise.
Acceptable use policy categories classify requested websites. Depending on the action that's associated with a category, the policy defines whether traffic to domains in a category is allowed, scanned by SIA, monitored by SIA, or blocked in your network. For a list and description of all AUP categories, see Acceptable use policy categories.
With AVC, you can add an AUP category to the policy and select a policy action. You can also see the web applications that are associated with each AUP category. To learn more about AVC, see Application visibility and control.
If SIA Proxy is enabled, you can:
Scan requested content with SIA malware engines. If SIA Proxy is configured as a full web proxy, SIA Proxy scans websites for categories that are not blocked or assigned the bypass action. For more information about full web proxy, see Full web proxy.
Configure an authentication policy. To prompt users to authenticate before accessing an allowed website or web application, you can select the Require or Optional authentication modes. Otherwise, you can select None. For more information, see Authentication policy.
Select the users and groups granted access to websites or web applications. This functionality is available when authentication is required or optional in a policy configuration. Users or groups that are exceptions to a block action are prompted to authenticate. If no threat is detected, these users are granted access to websites in these categories. To select users or groups as exceptions, you need to assign an IdP to the policy.
Bypass a category. This action allows websites or web applications in the associated category to bypass SIA or if the proxy is enabled, SIA Proxy.
You may want to select the bypass action for categories that are associated with sensitive information such as the Finance & Investing and the Healthcare categories. This action prevents SIA or SIA Proxy from inspecting this traffic.
Select an operating mode. The Operating Mode menu in the policy defines the mode that SIA uses for traffic by default. You can select the Full Web Proxy, Selective Proxy, Walled Garden, and DNS Protection.
Full Web Proxy. Directs all traffic to SIA Proxy.
Selective Proxy. Directs domains and risky web traffic to SIA Proxy, and DNS traffic that’s configured with the Allow action to SIA Proxy.
Walled Garden. Blocks all traffic unless it’s configured with the Allow action.
DNS Protection. Protects DNS traffic based on the policy. You can select this mode only when SIA Proxy is disabled.
If the Operating Mode is set to the selective proxy, categories that are not blocked are reported as unclassified. For more information, see Default operating mode.
Select a mobile mode. You select this mode in a policy for mobile traffic when ETP Client is installed on a device. You can define a mode for these mobile devices:
- iOS. For iOS devices, you can select any of these modes: Full Proxy, Selective Proxy, and Walled Garden.
- Android. For Android devices, you can select any of these modes: Full Proxy, Selective Proxy, Walled Garden, and Proxy (Browsers Only). Proxy (Browsers Only) directs only browser traffic to the proxy.
- Chrome OS. For Chrome OS, you can select any of these modes: Full Proxy, Selective Proxy, and Walled Garden.
For more information, see Mode for mobile devices.
Secure Internet Access Enterprise includes AUP categories that you should consider blocking in your network:
Anonymizers. This category is made up of services that allow users in your corporate network to bypass enterprise security settings. These services may include a personal VPN or an anonymizing proxy.
File Sharing. Category for file sharing services or applications such as Dropbox, Google Drive, and OneDrive. These services allow users to download and upload a large number of files to your network, potentially creating a backdoor to your organization's network. If you do not want to block File Sharing, SIA provides a policy option that allows you to analyze downloads from these domains. For more information, see Scan file sharing downloads for malware.
If your organization uses a custom response and SIA Proxy is disabled, you can associate a custom response to a blocked action. As part of the block action, traffic to blocked websites and web applications is forwarded to the custom response. Information about the machine that made the request is recorded. Keep in mind that this data is not reported in SIA. To learn more about custom responses, see Configure a custom response.
Acceptable use policy categories classify requested websites. Depending on the action that's associated with a category, the policy defines whether traffic to websites in these categories is allowed, scanned by SIA Proxy, monitored by SIA, or blocked in your network.
AUP categories are configured in a policy as part of access control and AVC. You add AUP categories to a policy and select an action for these categories. For more information, see Configure access control and Application visibility and control.
If SIA Proxy is enabled as a full web proxy, requests to allowed (not blocked) websites are still directed to SIA Proxy for analysis. Secure Internet Access Enterprise Proxy scans web traffic and blocks non-web traffic that is sent over port 443, such as Extensible Messaging and Presence Protocol (XMPP) or XMPP over TLS.
If there is a website that you don't want directed to SIA Proxy, make sure you configure these domains in an exception list. An exception list is automatically assigned the bypass action in a policy. For more information, see Exception lists.
|Abortion||Websites that are in favor of or against abortion. This includes websites that describe the procedure, provide information on where to obtain one, and give testimonials on the topic.|
|Alcohol & Tobacco||Websites that promote, sell, or provide information related to the consumption of alcohol or the use of tobacco and tobacco-related products.|
|Anonymizers||Websites that provide anonymous access to other websites through a proxy. These proxies avoid URL filtering and monitoring. You should block this category to prevent end users from bypassing enterprise security.|
|Auctions||Websites that offer online auctions.|
|Blogging||Websites that are blogs or host and publish blogs. These websites contain regularly posted entries that share views, commentary, or personal content. Blogs often include photos and multimedia.|
|Business & Economy||Websites focused on business firms, marketing, management, economics, and entrepreneurship. This includes corporate websites and websites dedicated to other consumer services.|
|Chat Site||Websites that enable users to chat in real time through chat rooms, online conferences, video chat, or instant messaging.|
|Child Abuse / Exploitation||Websites that contain obscene, harmful, and sexually explicit or suggestive content involving minors. This content includes pornographic visual depictions in images, videos, and other media.|
|Computer & Internet Info||Websites related to computers that provide technical information. Websites in this category focus on hardware, software, SaaS, Internet services, or more.|
|Computer & Internet Security||Websites that discuss or provide information on computers and Internet security.|
|Confirmed Spam Sources||Websites that are known spam sources.|
|Content Delivery Networks||Websites that deliver content and data such as images, videos, and media files as a result of a content delivery network.|
|Criminal Skills||Websites that provide resources, information, or equipment to commit crimes and avoid prosecution.|
|Cult and Occult||Websites for religious movements, groups, or sects that are exploitative or unorthodox. This category also contains websites focused on the practice of magic to interpret and influence events.|
|DNS-over-HTTPS Providers||Websites of DNS-over-HTTPS (DoH) providers. DoH encrypts DNS requests and prevents a threat actor from manipulating DNS data. While DoH protects DNS traffic, you should block this category to prevent end users from bypassing SIA security.|
|Dead Sites||Websites that cannot be categorized into an AUP category. These websites do not respond to HTTP queries.|
|Drugs||Websites that sell, supply, promote, or advocate for the abuse or illegal use of drugs. These websites also provide information on the cultivation, manufacture, or distribution of drugs, pharmaceuticals, intoxicating plants, chemicals, and any drug-related equipment.|
|Dynamic Content||Websites that dynamically generate content based on URL or other information from the web request.|
|Educational Institutes||Websites for schools and institutions at all educational levels. This category includes websites with content that's designed for students, administrators, and teachers such as enrollment or course information.|
|Entertainment & Arts||Websites related to the arts, including film, television, music, books, theater, and more. This includes websites for museums, art galleries, and artists.|
|Fashion & Beauty||Websites focused on glamor, beauty, cosmetics, fashion, and clothes. This includes websites for publications on these subjects.|
|File Sharing||Websites with clients, protocols, and other resources that allow users to download and share files with others. These websites may also enable users to stream unauthorized content such as movies, TV shows, and more.|
|Finance & Investing||Websites that allow users to access, research, and manage their finances and investments. These websites are used for online banking, credit cards, personal and financial portfolios, and more.|
|Forums & Message Boards||Websites that host online communities and allow end users to engage in discussions on a variety of topics. These websites include moderated or unmoderated web forums, message boards, online question and answer sites, and more.|
|Gambling||Websites that promote gambling and allow users to gamble or place bets. Websites in this category may teach gambling, predict race winners, show lottery numbers, allow users to register for gambling tournaments, and more.|
|Games||Websites related to the development, promotion, review, download, and overall play of online, PC, handheld, and console video games.|
|Gore||Websites that promote or feature excessive, graphic, or deliberate violence against humans or animals. Websites may include real or animated scenes of violence, extremely violent video games, horror media and entertainment, and more.|
|Government||Websites that contain information on the government, government agencies, and services. This includes local, county, state, and national government websites.|
|Hacking||Websites with resources that allow hackers to gain unauthorized access and compromise a system or network with computer programming.|
|Hate||Websites that promote or feature discriminatory, hostile, intolerant, and aggressive content with the intent to denigrate or disparage an individual or group based on race, religion, gender, nationality, ethnicity, sexual orientation, and other involuntary characteristics. These sites may use alleged scientific or accredited methods to justify this content.|
|Healthcare||Websites related to human health, including disease or illness, treatment, nutrition, and fitness. These websites are also dedicated to healthcare facilities, health insurance, pharmaceuticals, and more.|
|Home & Garden||Websites that sell products for the home, including decor, tools for maintenance and gardening, electronics, and more.|
|Hunting & Fishing||Websites focused on hunting or fishing as a sport or recreational activity.|
|Image & Video Search||Websites that are related to photography and host digital photos.|
|Individual Stock Advice & Tools||Websites that promote or facilitate stock trading and the management of investment assets. This includes websites that contain information on financial investment news, strategies, and quotes.|
|Internet Portals||Websites that are a gateway to other content and services on the Internet.|
|Job Search||Websites that assist with job searches, provide job information, and offer resources for locating employment. Websites in this category also help employers find candidates.|
|Keyloggers & Monitoring||Websites that log keystrokes and are known to monitor a user's Internet activity.|
|Kids||Websites that are designed to provide a safe Internet experience for young children and adolescents.|
|Legal||Websites focused on the practice of law, legal issues, and research, as well as law enforcement. This category also includes the official websites of law firms.|
|Lingerie||Websites that promote, review, or sell lingerie or intimate apparel.|
|Local Information||Websites that feature or promote restaurants, local areas of interest, tourist attractions, city guides, and more.|
|Marijuana||Websites that advertise or officially sell cannabidiol (CBD). This category excludes websites that promote CBD or marijuana for recreational use.|
|Military||Websites dedicated to the military, armed forces, military history, and military personnel. This category also includes websites dedicated to services for veterans, soldiers, and their families.|
|Motor Vehicles||Websites that sell, manufacture, review, promote, or discuss motorized vehicles and their related products.|
|Music||Websites that stream, sell, and allow users to download music. This category also includes websites that provide information on musical artists, song lyrics, performances, and more.|
|News & Media||Websites that communicate the news. This category includes websites for newspapers, public broadcasting stations, radio stations, and more.|
|Nudism and Naturism||Websites that depict the naked body but are not pornographic or sexual in intent. For example, websites in this category may show the naked body in art form. This category also contains websites that feature or promote nudism or a nudist lifestyle.|
|Online Greeting Cards||Websites for online greeting cards.|
|Parked Domains||Websites that host limited content and may contain advertisements to generate revenue. These websites are usually owned by domain name registrars, domain brokers, or Internet advertising publishers.|
|Pay to Surf||Websites that pay users to find and review content on the Internet.|
|Peer to Peer||Websites that enable users to illegally share and transmit digital content.|
|Personals & Dating||Websites focused on establishing romantic relationships or marriage. These websites may offer online dating services, professional matchmaking and matrimonial services, tips for dating, and more.|
|Plagiarism||Websites that offer, sell, or promote free academic writing services.|
|Political Advocacy||Websites focused on politics or philosophy where a particular viewpoint is expressed.|
|Pornography Websites||Websites that contain sexually explicit material meant to incite sexual excitement or interest.|
|Real Estate||Websites related to the rent and purchase of real estate or other property. This category also includes websites on mortgages, real estate agents, tips on selling a home, property improvement, and more.|
|Recreation & Hobbies||Websites focused on hobbies and recreational activities for enthusiasts and amateurs. This includes websites that provide information on associations, forums, and publications for these interests, such as outdoor activities, crafts, and collecting.|
|Reference & Research||Websites for personal, professional, and educational research. Websites in this category include online dictionaries, library catalogs, scientific information, and more.|
|Religion||Websites dedicated to religious subjects, practices, services, and houses of worship.|
|Search Engines||Websites that search the Internet for information, images, video content, and more based on provided keywords and phrases.|
|Self-Harm||Websites that promote, normalize, or glamorize the repetitive and deliberate ways to inflict harm to oneself. This category also contains websites that advocate or glorify suicide and promote methods for committing suicide.|
|Sex Education||Websites that contain information about reproduction, sexual development, sexual orientation, contraceptives, sexually transmitted diseases, and other topics related to sex.|
|Shareware & Freeware||Websites that offer free software, utilities, media, and other content for legal download.|
|Shopping||Websites that allow consumers to purchase goods and services from retailers or sellers.|
|Spam URLs||Websites or URLs from spam messages.|
|Sports||Websites that analyze, promote, or provide information about competitive sports or sports fans.|
|Spyware & Adware||Websites associated with vendors of spyware or adware. These websites may gather information about the user, display unsolicited advertising, and download unwanted software to the user's machine.|
|Streaming Websites||Websites that feature and transmit live or on-demand audio or video content over the Internet. This includes websites that sell, deliver, and stream content to users.|
|Training & Tools||Websites focused on developing or attaining a formal education or vocational skills. Websites in this category offer online courses, software training, and more.|
|Translation||Websites used for translation that allow users to see content or URL pages in other languages.|
|Travel||Websites related to travel, including booking a trip, travel agencies, reserving hotels, and more.|
|Virtual Community||Websites that promote social networking and have online communities where users interact and communicate with one another.|
|Weapons Related||Websites that promote and provide information on various types of weapons, such as knives and guns. This category includes websites that sell knives, guns, and firearm accessories. It also includes websites that provide instructions on making weapons for hand-to-hand combat or martial arts.|
|Web Advertisements||Websites that host advertisements to attract consumers and increase web traffic.|
Updated about 1 year ago