Cisco Cisco Web Security Appliance S170 Guia Do Utilizador

.

The Web Security appliance is permissive by default. That is, requests are allowed unless specifically 
blocked in a policy group.

AsyncOS first looks at information in file headers to identify file types. If warranted, it then scans the 
file. If a header identifies a file as one type, for example a PDF, and then through scanning AsyncOS 
determines that the file is actually of another type, for example, an executable, AsyncOS blocks the 
transaction even if the actual file type is allowed by policy. It does this because the misidentification of 
file types indicates a possible security threat.

The Web Security appliance uses multiple types of policies to enforce organizational policies and 
requirements. 

Identities. “Who are you?”

Decryption Policies. “To decrypt or not to decrypt?”

Routing Policies. “From where to fetch content?”

Access Policies. “To allow or block the transaction?”

Cisco IronPort Data Security Policies. “To block the upload of data?” Cisco IronPort Data 
Security Policies actions are defined on the Web Security appliance. 

External DLP (data loss prevention) Policies. “To block the upload of data?” External DLP 
Policies actions are defined on an external DLP appliance.

Outbound Malware Scanning Policies. “To block the upload of malicious data?”

SaaS Application Authentication Policies. “To allow this user access to the SaaS application?”

You use the policies together to create the behavior you need or expect when clients access the web.

Block file-type X

N/A (file not scanned)

Block

Allow file-type X

Allow

Allow file-type X and 
Allow file-type Y

Block