Tracking Processors: Client Beacon Processor

The client beacon processor is intended to digitally tag users for later identification by for embedding a tracking token into the client. There are configurable parameters that administrators can use to configure each type of storage mechanisms that are used track malicious users.

Table 27: Client Beacon Processor Configuration Parameters

Parameter

Type

Default Value

Description

Basic

Processor Enabled

Boolean

True

Whether traffic should be passed through this processor.

Advanced

Flash Storage Enabled

Boolean

True

Whether to use the flash shared data API to track the user.

IE UserData Storage Enabled

Boolean

True

Whether to use Internet explorers userData storage API to track the user.

Local Storage Enabled

Boolean

True

Whether to use Javascript local storage to track the user.

Private Storage Enabled

Boolean

True

Whether to track users between private browsing mode and normal browsing mode in Firefox. A collection of names to use for the Application session cookie.

Silverlight Storage Enabled

Boolean

True

Whether to use the Silverlight storage api to track the user. The Silverlight storage API is unique in that it is exposed across all browsers. If this beacon is enabled and the user has Silverlight installed, this beacon can track the user even if they switch browsers.

Window Name Storage Enabled

Boolean

True

Whether to use the window.name property of the browser window to track the user.

Resource Extensions

Collection

Collection

A collection of resource extensions to use for the processor.

Script Refresh Delay

Integer

3600 (1 Hour)

The amount of time in seconds to cache the randomly generated set of beacon scripts. After this amount of time, the beacon scripts will change.

Script Variations

Integer

30

The number of random variations of the beacon script to cache, and then to select from on each request.

Incident: Beacon Parameter Tampering

Boolean

True

The user has issued a request to the session tracking service which appears to be manually crafted. This is likely in an attempt to spoof another users session, or to exploit the applications session management. This would never happen under normal usage.

Incident: Beacon Session Tampering

Boolean

True

The user has altered the data stored on the client in an effort to prevent tracking. They have altered the data in such a way as to remain consistent with the same data format. This would never happen under normal usage.