Cisco Cisco ASA 5520 Adaptive Security Appliance 技术手册
Background Information
The CSC−SSM maintains a file that contains signature profiles of suspicious content, updated regularly from
an update server at Trend Micro. The CSC−SSM scans traffic it receives from the adaptive security appliance
and compares it to the content profiles it obtains from Trend Micro. It then forwards legitimate content on to
the adaptive security appliance for routing, or blocks and reports content that is suspicious.
an update server at Trend Micro. The CSC−SSM scans traffic it receives from the adaptive security appliance
and compares it to the content profiles it obtains from Trend Micro. It then forwards legitimate content on to
the adaptive security appliance for routing, or blocks and reports content that is suspicious.
By default, CSC−SSM comes with a base license that provides these features:
Detects and takes action on viruses and malware in the network traffic
•
Blocks compressed or very large files that exceed specified parameters
•
Scans for and remove spyware, adware, and other types of grayware
•
Additionally, if it is equipped with a Plus License, it also performs these tasks:
Reduces spam and protect against phishing fraud in your SMTP and POP3 traffic
•
Sets up content filters that enable you to allow or prohibit email traffic that contain key words or
phrases
phrases
•
Filters/Blocks URLs that you do not want users to access, or URLs that are known to have hidden or
malicious purposes
malicious purposes
•
Note: The CSC−SSM can scan FTP file transfers only when FTP inspection is enabled on the ASA. By
default, FTP inspection is enabled.
default, FTP inspection is enabled.
Note: The CSC−SSM cannot support Stateful Failover because the CSC−SSM does not maintain connection
information, and therefore cannot provide the failover unit with the required information for Stateful Failover.
The connections that a CSC−SSM is scanning are dropped when the security appliance in which the
CSC−SSM is installed fails. When the standby adaptive security appliance becomes active, it forwards the
scanned traffic to the CSC−SSM and the connections are reset.
information, and therefore cannot provide the failover unit with the required information for Stateful Failover.
The connections that a CSC−SSM is scanning are dropped when the security appliance in which the
CSC−SSM is installed fails. When the standby adaptive security appliance becomes active, it forwards the
scanned traffic to the CSC−SSM and the connections are reset.
Configure
In a network in which the adaptive security appliance is deployed with the CSC−SSM, you configure the
adaptive security appliance to send to the CSC−SSM only the types of traffic that you want to be scanned.
adaptive security appliance to send to the CSC−SSM only the types of traffic that you want to be scanned.
Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the
commands used in this section.
commands used in this section.
ASA − CSC SSM Flow Diagram
This diagram shows the flow of traffic within ASA and CSC−SSM: