--> WSA uses two type of policies to detect and prevent malwares in the network:
1) Web Reputation Score
2) Anti Malware Scanning
--> Each URL is assigned between a score of +10 to -10 by WBRS.
--> By default, the url score between -10 and -6 is blocked ( No Malware Scanning)
--> By default, the url score between -5.9 and +10 is allowed ( Malware Scanning is done by Anti Malware Scanning Engine)
--> Web traffic is actively scanned by following scan engines in WSA:
1) Web Root ( Adware,Spyware,Trojans )
2) Sophos ( Worms,Viruses and Trojans)
3) Mcafee
4) Cisco AMP ( Signature based and non-signature based)
--> If one of the following engine founds any malware in the web traffic then it is going to block the request.
--> Anti Malware scanning engine scans web traffic in following two methods:
1) Traffic received on Proxy port ( No need to configure SPAN and new method)
2) Traffic received on L4TM Port ( Need to configure SPAN and old method, It is similar to IPS/IDS)
--> By default, Web Reputation filtering and Anti Malware scanning is enabled.
--> By default, the malware anti scanning engine does not block anything such as protocols/user agents ( Action set to monitor)
1) Web Reputation Score
2) Anti Malware Scanning
--> Each URL is assigned between a score of +10 to -10 by WBRS.
--> By default, the url score between -10 and -6 is blocked ( No Malware Scanning)
--> By default, the url score between -5.9 and +10 is allowed ( Malware Scanning is done by Anti Malware Scanning Engine)
--> Web traffic is actively scanned by following scan engines in WSA:
1) Web Root ( Adware,Spyware,Trojans )
2) Sophos ( Worms,Viruses and Trojans)
3) Mcafee
4) Cisco AMP ( Signature based and non-signature based)
--> If one of the following engine founds any malware in the web traffic then it is going to block the request.
--> Anti Malware scanning engine scans web traffic in following two methods:
1) Traffic received on Proxy port ( No need to configure SPAN and new method)
2) Traffic received on L4TM Port ( Need to configure SPAN and old method, It is similar to IPS/IDS)
--> By default, Web Reputation filtering and Anti Malware scanning is enabled.
--> By default, the malware anti scanning engine does not block anything such as protocols/user agents ( Action set to monitor)
0 comments:
Post a Comment