CCNA Security 210-260 Certification Guide

Cisco IronPort Web Security Appliance

As organizations increasingly allow their employees to use their own unregistered personal devices, attacks also increase. Hence, a company needs an effective solution for protecting web traffic. Cisco provides such a solution, the Cisco IronPort S670 Web Security Appliance (WSA). It combines signature malware detection and inline file sharing.

Cisco IronPort S670 has blocked more than 30 million malicious objects.

Cisco IronPort Web Security Appliance is a web proxy that inspects web traffic and allows or blocks it based on filters and inline file scanning. The WSA has two capabilities:

  • Web-Based Reputation Filters (WBRS)
  • Webroot and McAfee anti-malware scanning engines

When a user enters a URL in the web browser, the request is forwarded by the Web Cache Communication Protocol (WCCP) to the load-balanced pool of Cisco WSAs. The WSA decides whether to allow or block the website based on its reputation score. The reputation score is stored in a cloud service called Senderbase.org (https://talosintelligence.com/).

Senderbase.org (https://talosintelligence.com/) assigns each website a reputation score ranging from -10 to 10. Websites with a reputation score of -6 to -10 are blocked by the security appliance with scanning, and sites with a score of 6 to 10 are allowed without scanning.

Cisco WSA can be deployed in two ways:

  • As an explicit proxy configuration
  • As a transparent proxy

Cisco WSA will be dealt with in more detail in upcoming chapters.