Cisco WSA Defending Malware

In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:

Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware

This is the last post in the series.

Malware... we all know that we don't want it. But how do we block it?

Every website has a Web-Based Reputation Score (WBRS). This is a number between -10 and +10. You can define which score ranges trigger which action. For example: -10 to -5 drop, -4 to +5 scan, +6 to +10 do not scan. The WSA regularly receives updates with new reputations.

Note: these features are licensed!

You can enable or disable WBRS by clicking Security Services > Web Reputation and Anti-Malware. It's recommended to NOT disable WBRS! I will therefore not cover anything related to disabling WBRS features.

All required configuration is enabled by default. Sophos engine scanning is available but a separate license is needed for McAfee engine scanning.

To configure the engines, click Security Services > Web Reputation and Anti-Malware > Edit Global Settings.

You can enable/disable web reputation per access policy.