Cisco Cisco Web Security Appliance S390 사용자 가이드
C H A P T E R
20-1
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
20
Detecting Rogue Traffic on Non-Standard Ports
•
•
•
•
•
•
•
Overview of Detecting Rogue Traffic
The Web Security appliance has an integrated Layer-4 Traffic Monitor that detects rogue traffic across
all network ports and stops malware attempts to bypass port 80. When internal clients are infected with
malware and attempt to phone-home across non-standard ports and protocols, the L4 Traffic Monitor
prevents phone-home activity from going outside the corporate network. By default, the L4 Traffic
Monitor is enabled and set to monitor traffic on all ports. This includes DNS and other services.
all network ports and stops malware attempts to bypass port 80. When internal clients are infected with
malware and attempt to phone-home across non-standard ports and protocols, the L4 Traffic Monitor
prevents phone-home activity from going outside the corporate network. By default, the L4 Traffic
Monitor is enabled and set to monitor traffic on all ports. This includes DNS and other services.
The L4 Traffic Monitor uses and maintains its own internal database. This database is continuously
updated with matched results for IP addresses and domain names.
updated with matched results for IP addresses and domain names.
Configuring the L4 Traffic Monitor
Before you begin
•
Configure the L4 Traffic Monitor inside the firewall.