Cisco Cisco Web Security Appliance S170 Guía Del Usuario
Chapter 18 Web Reputation Filters
Web Reputation Scores
18-2
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
appliance can be configured to send web reputation statistics to a SenderBase
server. SenderBase server information is leveraged with data feeds from the
IronPort Common Security Database (SenderBase® Network) and the collective
information is used to produce a Web Reputation Score.
server. SenderBase server information is leveraged with data feeds from the
IronPort Common Security Database (SenderBase® Network) and the collective
information is used to produce a Web Reputation Score.
Note
For more information, see
Maintaining the Database Tables
The web reputation filtering component periodically receives updates to its
database tables from the IronPort update server
(
database tables from the IronPort update server
(
https://update-manifests.ironport.com
). Server updates are automated, and
the update interval is set by the server as opposed to the appliance. Updates to the
database tables occur with a regular degree of frequency, and require no
administrator intervention.
database tables occur with a regular degree of frequency, and require no
administrator intervention.
For information about update intervals and the IronPort update server, see
Web Reputation Scores
Web Reputation Filters use statistically significant data to assess the reliability of
Internet domains and score the reputation of URLs. Data such as how long a
specific domain has been registered, or where a web site is hosted, or whether a
web server is using a dynamic IP address is used to judge the trustworthiness of a
given URL.
Internet domains and score the reputation of URLs. Data such as how long a
specific domain has been registered, or where a web site is hosted, or whether a
web server is using a dynamic IP address is used to judge the trustworthiness of a
given URL.
The web reputation calculation associates a URL with network parameters to
determine the probability that malware exists. The aggregate probability that
malware exists is then mapped to a Web Reputation Score between -10 and +10,
with +10 being the least likely to contain malware.
determine the probability that malware exists. The aggregate probability that
malware exists is then mapped to a Web Reputation Score between -10 and +10,
with +10 being the least likely to contain malware.
Example parameters include the following:
•
URL categorization data
•
Presence of downloadable code
•
Presence of long, obfuscated End-User License Agreements (EULAs)
•
Global volume and changes in volume