Cisco Cisco Web Security Appliance S170 사용자 가이드
Chapter 18 Web Reputation Filters
Web Reputation Scores
18-2
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
appliance can be configured to send web reputation statistics to a SenderBase
server. SenderBase server information is leveraged with data feeds from the
IronPort Common Security Database (SenderBase® Network) and the collective
information is used to produce a Web Reputation Score.
server. SenderBase server information is leveraged with data feeds from the
IronPort Common Security Database (SenderBase® Network) and the collective
information is used to produce a Web Reputation Score.
Note
For more information, see
Maintaining the Database Tables
The web reputation filtering component periodically receives updates to its
database tables from the IronPort update server
(
database tables from the IronPort update server
(
https://update-manifests.ironport.com
). Server updates are automated, and
the update interval is set by the server as opposed to the appliance. Updates to the
database tables occur with a regular degree of frequency, and require no
administrator intervention.
database tables occur with a regular degree of frequency, and require no
administrator intervention.
For information about update intervals and the IronPort update server, see
.
Web Reputation Scores
Web Reputation Filters use statistically significant data to assess the reliability of
Internet domains and score the reputation of URLs. Data such as how long a
specific domain has been registered, or where a web site is hosted, or whether a
web server is using a dynamic IP address is used to judge the trustworthiness of a
given URL.
Internet domains and score the reputation of URLs. Data such as how long a
specific domain has been registered, or where a web site is hosted, or whether a
web server is using a dynamic IP address is used to judge the trustworthiness of a
given URL.
The web reputation calculation associates a URL with network parameters to
determine the probability that malware exists. The aggregate probability that
malware exists is then mapped to a Web Reputation Score between -10 and +10,
with +10 being the least likely to contain malware.
determine the probability that malware exists. The aggregate probability that
malware exists is then mapped to a Web Reputation Score between -10 and +10,
with +10 being the least likely to contain malware.
Example parameters include the following:
•
URL categorization data
•
Presence of downloadable code
•
Presence of long, obfuscated End-User License Agreements (EULAs)
•
Global volume and changes in volume