Cisco Systems ASA 5500 manual Managing the CSC SSM, About the CSC SSM, 19-5

Page 5

Chapter 19 Managing the AIP SSM and CSC SSM

Managing the CSC SSM

Note If you see the preceding license notice (which displays only in some versions of software), you can ignore the message until you need to upgrade the signature files on the AIP SSM. The AIP SSM continues to operate at the current signature level until a valid license key is installed. You can install the license key at a later time. The license key does not affect the current functionality of the AIP SSM.

Step 3 Enter the setup command to run the setup utility for initial configuration of the AIP SSM:

AIP SSM# setup

You are now ready to configure the AIP SSM for intrusion prevention. See the following guides for AIP SSM configuration information

Configuring the Cisco Intrusion Prevention System Sensor Using the Command Line Interface.

Command Reference for Cisco Intrusion Prevention System

Managing the CSC SSM

This section contains the following topics:

About the CSC SSM, page 19-5

Getting Started with the CSC SSM, page 19-7

Determining What Traffic to Scan, page 19-9

Limiting Connections Through the CSC SSM, page 19-11

Diverting Traffic to the CSC SSM, page 19-11

About the CSC SSM

The ASA 5500 series adaptive security appliance supports the CSC SSM, which runs Content Security and Control software. The CSC SSM provides protection against viruses, spyware, spam, and other unwanted traffic. It accomplishes this by scanning the FTP, HTTP, POP3, and SMTP traffic that you configure the adaptive security appliance to send to it.

Figure 19-1illustrates the flow of traffic through an adaptive security appliance that has the following:

A CSC SSM installed and setup.

A service policy that determines what traffic is diverted to the SSM for scans.

In this example, the client could be a network user who is accessing a website, downloading files from an FTP server, or retrieving mail from a POP3 server. SMTP scans differ in that you should configure the adaptive security appliance to scan traffic sent from outside to SMTP servers protected by the adaptive security appliance.

Note The CSC SSM can scan FTP file transfers only when FTP inspection is enabled on the adaptive security appliance. By default, FTP inspection is enabled.

Cisco Security Appliance Command Line Configuration Guide

 

OL-8629-01

19-5

 

 

 

Page 4 Page 6
Image 5
Page 4 Page 6
Contents 19-1 Managing the AIP SSMAbout the AIP SSM 19-2 Getting Started with the AIP SSMDiverting Traffic to the AIP SSM 19-3 19-4 Sessioning to the AIP SSM and Running Setup19-5 Managing the CSC SSMAbout the CSC SSM Flow of Scanned Traffic with CSC SSM 19-619-7 Getting Started with the CSC SSM19-8 19-9 Determining What Traffic to Scan19-10 Common Network Configuration for CSC SSM Scanning19-11 Limiting Connections Through the CSC SSMDiverting Traffic to the CSC SSM 19-12 19-13 Checking SSM Status19-14 Transferring an Image onto an SSM19-15 19-16
Related manuals
Manual 49 pages 36.1 Kb Manual 144 pages 23.87 Kb Manual 16 pages 48.09 Kb

ASA 5500 specifications

Cisco Systems ASA 5500 is a robust security appliance designed to provide advanced network security and protection against both internal and external threats. Ideal for organizations of various sizes, the ASA 5500 series offers a wide range of features that combine firewall capabilities with intrusion prevention, VPN support, and application control, among others.

One of the key features of the ASA 5500 is its stateful firewall technology. This allows the device to monitor active connections and enforce security policies based on the state of the traffic. By maintaining the context of network sessions, the firewall can make informed decisions on whether to allow or deny traffic based on established rules.

In addition to traditional firewall functionalities, the ASA 5500 series integrates advanced intrusion prevention capabilities. By analyzing traffic patterns and identifying known threats, the IPS functionality helps organizations defend against a variety of malicious activities, such as DDoS attacks, malware, and unauthorized access attempts. The ASA 5500 continuously updates its threat intelligence through Cisco's global threat database, enhancing its ability to detect emerging threats in real-time.

Virtual Private Network (VPN) support is another significant aspect of the ASA 5500 series. The device offers secure, encrypted connections for remote users and branch offices, ensuring safe access to corporate resources over the Internet. It supports both IPsec and SSL VPN protocols, allowing organizations to choose the best option for their specific needs. This capability is crucial for businesses that require a secure environment for remote work.

The ASA 5500 series also features extensive application control and visibility tools. These tools enable organizations to manage and control the applications running on their network, ensuring that only authorized applications can communicate through the firewall. This level of control helps to mitigate risks associated with unauthorized applications, which can lead to data breaches or reduced productivity.

Moreover, the ASA 5500 is designed with high availability and scalability in mind. Its clustering support ensures that multiple units can work together to provide redundancy and load balancing, enhancing both performance and reliability. This characteristic is especially important for organizations looking to maintain continuous operation during traffic spikes or hardware failures.

In summary, Cisco Systems ASA 5500 is an all-in-one security solution that combines stateful firewall protection, intrusion prevention, VPN capabilities, and application control. With its robust feature set and focus on security, it is well-suited for organizations seeking to protect their networks from an ever-evolving landscape of cyber threats. Whether for small businesses or large enterprises, the ASA 5500 provides the necessary tools to create a secure networking environment.
Top Page Image Contents