Security Basics mailing list archives
Re: Securing the internet connections
From: Matt - MRS Security <matt () mrssecurity com>
Date: Sat, 20 Sep 2008 18:37:06 +0100
WALI wrote:
With an advanced Inspection and Prevention Security Services Module (AIP-SSM) for the Cisco ASA 5500 Series Adaptive Security Appliance residing at my perimeter, I am in need of choosing a solution for granting safe and secure Internet access to my 2000+ userbase on the inside. A solution that would suffice as my proxy/web caching needs too and possibly allowing me to do URL filtering according to my policy.I was looking at secure computing's webwasher and Microsoft's ISA 2006 as possible solutions. Bluecoat is expensive. These guys tout of their L7 capabilities to detect malwares and scan HTTPS traffic but I feel that my AIP SSM should be able to do that job.What do you guys advise!!?
Go down the route of ISA server IMHO.Much easier to intergrate into the domain and active directory services (as it pretty much just plugs in).
Bluecoat in my experience is pants, i have seen it rolled out into very big companies (think leading UK gas company) it did not work, they turned it off and now their just sitting in a rack doing nothing. What a waste of cash!
If you do decide to go with ISA server, look at malwaredomains.com they have a updated daily-ish list of known malware domains which you can block (limiting scope of a) infection b) further infection c) control of infected PC's and of course anything flagged will lead you to a potential infection on that PC.
I personally would not rely on one device i.e. Cisco ASA to handle all prevention. I would look at layering up security to reduce potential exposure.
I would consider a firewall rule review on the backend of installing a ISA to make sure that there are no rules that might allow direct internet leakage.
Thanks Matt.
Current thread:
- Securing the internet connections WALI (Sep 19)
- Re: Securing the internet connections ॐ aditya mukadam ॐ (Sep 22)
- Re: Securing the internet connections Gleb Paharenko (Sep 22)
- Re: Securing the internet connections WALI (Sep 22)
- Re: Securing the internet connections Matt - MRS Security (Sep 22)
- Re: Securing the internet connections Colin Grady (Sep 22)
- Re: Securing the internet connections Martin Spinassi (Sep 22)