Cisco WSA Defending Malware
In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:
Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware
This is the last post in the series.
Malware.. we all know that we don’t want it. But how do we block it?
All websites have a Web based reputation number (WBRS). This is a number between -10 and +10. You can define what ranges are used for what action. Think about: -10 to -5 drop, -4 to +5 scan, +6 to +10 do not scan. The WSA receives regulary updates with new reputations.
Note: these features are licensed!
You can enable of disable WBRS by clicking Security Services > Web Reputation and Anti-Malware. It’s recommended to NOT disable WBRS! I will therefore not cover anything related to disabling WBRS features.
All required configuration is enabled by default. Sophos engine scanning is available but a separate license is needed for McAfee engine scanning.
To configure the engines, click Security Services > Web Repurations and Anti-Malware > Edit Global Settings.
You can enable/disable web reputation per access policy: