Cisco Cisco Web Security Appliance S670 Betriebsanweisung

14

I R O N P O R T   A S Y N C O S   6 . 3   F O R   W E B   U S E R   G U I D E  

H O W   T H E   WE B   S E C U R I T Y   A P P L I A N C E   WO R K S

The Web Proxy and the L4 Traffic Monitor are independent services. They are enabled and 
configured separately to provide the highest level of protection against a broad range of web-
based malware threats.

The Web Proxy and L4 Traffic Monitor use data that is stored in filtering tables to evaluate and 
match URL request attributes such as domain names, and IP address path segments with 
locally maintained database records. If a match occurs, Access Policy settings determine an 
action to block or monitor the traffic. If no match occurs, processing continues. 

The Web Security appliance Web Proxy supports the following security features:

• Policy groups — Policy groups allow administrators to create groups of users and apply 

different levels of category-based access control to each group.

• IronPort URL Filtering Categories — You can configure how the appliance handles each 

web transaction based on the URL category of a particular HTTP request.

• Web Reputation Filters — Reputation filters analyze web server behavior and 

characteristics to identify suspicious activity and protect against URL-based malware 
threats. 

• Anti-Malware Services — The IronPort DVS™ engine in combination with the Webroot™ 

and McAfee scanning engines identify and stop a broad range of web-based malware 
threats.

For detailed information about Web Proxy services, see “Web Proxy Services” on page 67.

The L4 Traffic Monitor is a configurable service that listens and monitors network ports for 
rogue activity and blocks malware attempts to infect your corporate network. Additionally, the 
L4 Traffic Monitor detects infected clients and stops malicious activity from going outside the 
corporate network. 

For detailed information about the L4 Traffic Monitor, see “L4 Traffic Monitor” on page 385.