Cisco Cisco Web Security Appliance S160 Guida Utente
19-3
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 19 Configuring Security Services
Web Reputation Filters Overview
•
Access Policies. You can choose to block, scan, or allow.
•
Decryption Policies. You can choose to drop, decrypt, or pass through.
•
Cisco IronPort Data Security Policies. You can choose to block or monitor.
You can configure each policy group to correlate an action to a particular Web Reputation Score.
Web Reputation in Access Policies
When you configure web reputation settings in Access Policies, you can choose to configure the settings
manually, or let AsyncOS for Web choose the best options using Adaptive Scanning.
manually, or let AsyncOS for Web choose the best options using Adaptive Scanning.
When Adaptive Scanning is enabled, you can enable or disable web reputation filtering in each Access
Policy, but you cannot edit the Web Reputation Scores. For more information on Adaptive Scanning, see
Policy, but you cannot edit the Web Reputation Scores. For more information on Adaptive Scanning, see
.
describes the default Web Reputation Scores for Access Policies that you can edit when
Adaptive Scanning is disabled.
For example, by default, URLs in an HTTP request that are assigned a Web Reputation Score of +7 are
allowed and require no further scanning. However, a weaker score for an HTTP request, such as +3, is
automatically forwarded to the Cisco IronPort DVS engine where it is scanned for malware. Any URL
in an HTTP request that has a very poor reputation is blocked.
allowed and require no further scanning. However, a weaker score for an HTTP request, such as +3, is
automatically forwarded to the Cisco IronPort DVS engine where it is scanned for malware. Any URL
in an HTTP request that has a very poor reputation is blocked.
Table 19-1
Default Web Reputation Scores for Access Policies
Score
Action
Description
Example
-10 to -6.0
Block
Bad site. The request is blocked,
and no further malware scanning
occurs.
and no further malware scanning
occurs.
•
URL downloads information without
user permission.
user permission.
•
Sudden spike in URL volume.
•
URL is a typo of a popular domain.
-5.9 to 5.9
Scan
Undetermined site. Request is
passed to the DVS engine for
further malware scanning. The
DVS engine scans the request
and server response content.
passed to the DVS engine for
further malware scanning. The
DVS engine scans the request
and server response content.
•
Recently created URL that has a
dynamic IP address and contains
downloadable content.
dynamic IP address and contains
downloadable content.
•
Network owner IP address that has a
positive Web Reputation Score.
positive Web Reputation Score.
6.0 to 10.0
Allow
Good site. Request is allowed.
No malware scanning required.
No malware scanning required.
•
URL contains no downloadable
content.
content.
•
Reputable, high-volume domain
with long history.
with long history.
•
Domain present on several allow
lists.
lists.
•
No links to URLs with poor
reputations.
reputations.