Cisco Cisco Web Security Appliance S170 사용자 가이드

appliance can be configured to send web reputation statistics to a SenderBase 
server. SenderBase server information is leveraged with data feeds from the 
IronPort Common Security Database (SenderBase® Network) and the collective 
information is used to produce a Web Reputation Score.

For more information, see 

The web reputation filtering component periodically receives updates to its 
database tables from the IronPort update server 
(

https://update-manifests.ironport.com

). Server updates are automated, and 

the update interval is set by the server as opposed to the appliance. Updates to the 
database tables occur with a regular degree of frequency, and require no 
administrator intervention.

For information about update intervals and the IronPort update server, see 

.

Web Reputation Filters use statistically significant data to assess the reliability of 
Internet domains and score the reputation of URLs. Data such as how long a 
specific domain has been registered, or where a web site is hosted, or whether a 
web server is using a dynamic IP address is used to judge the trustworthiness of a 
given URL. 

The web reputation calculation associates a URL with network parameters to 
determine the probability that malware exists. The aggregate probability that 
malware exists is then mapped to a Web Reputation Score between -10 and +10, 
with +10 being the least likely to contain malware.

Example parameters include the following:

URL categorization data

Presence of downloadable code

Presence of long, obfuscated End-User License Agreements (EULAs)

Global volume and changes in volume