Cisco Cisco Web Security Appliance S170 Guía Del Usuario
8-2
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 8 Configuring Security Services
Overview of Web Reputation Filters
•
Presence on any allow lists
•
URL typos of popular domains
•
Domain registrar information
•
IP address information
Note
Cisco does not collect identifiable information such as user names, passphrases, or client IP addresses.
Understanding How Web Reputation Filtering Works
Web Reputation Scores are associated with an action to take on a URL request. You can configure each
policy group to correlate an action to a particular Web Reputation Score. The available actions depend
on the policy group type that is assigned to the URL request:
policy group to correlate an action to a particular Web Reputation Score. The available actions depend
on the policy group type that is assigned to the URL request:
Web Reputation in Access Policies
When you configure web reputation settings in Access Policies, you can choose to configure the settings
manually, or let AsyncOS for Web choose the best options using Adaptive Scanning. When Adaptive
Scanning is enabled, you can enable or disable web reputation filtering in each Access Policy, but you
cannot edit the Web Reputation Scores.
manually, or let AsyncOS for Web choose the best options using Adaptive Scanning. When Adaptive
Scanning is enabled, you can enable or disable web reputation filtering in each Access Policy, but you
cannot edit the Web Reputation Scores.
Policy Type
Action
Access Policies
You can choose to block, scan, or allow
Cisco IronPort Data Security Policies
You can choose to block or monitor
Score
Action
Description
Example
-10 to -6.0
Block
Bad site. The request is blocked,
and no further malware scanning
occurs.
and no further malware scanning
occurs.
•
URL downloads information without
user permission.
user permission.
•
Sudden spike in URL volume.
•
URL is a typo of a popular domain.
-5.9 to 5.9
Scan
Undetermined site. Request is
passed to the DVS engine for
further malware scanning. The
DVS engine scans the request
and server response content.
passed to the DVS engine for
further malware scanning. The
DVS engine scans the request
and server response content.
•
Recently created URL that has a
dynamic IP address and contains
downloadable content.
dynamic IP address and contains
downloadable content.
•
Network owner IP address that has a
positive Web Reputation Score.
positive Web Reputation Score.
6.0 to 10.0
Allow
Good site. Request is allowed.
No malware scanning required.
No malware scanning required.
•
URL contains no downloadable
content.
content.
•
Reputable, high-volume domain
with long history.
with long history.
•
Domain present on several allow
lists.
lists.
•
No links to URLs with poor
reputations.
reputations.