cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
361
Views
0
Helpful
1
Replies

AIP or CSC SSM

snooter
Level 1
Level 1

We've got an ASA 5510 and we're moving to get all our remote users on the SSL/VPN option with this.

However, we'd like to be protected 100% from any remote client that manages to get themselves a virus before connecting to us remotely.

I've been reading on both the AIP and CSC SSM's, but I can't quite distinguish the difference between them. It sounds like they both scan for viruses and other malicious traffic. What's the difference of the two?

Also, we use an internal Trend Micro proxy server for scanning our users internet traffic. It sound like one of these modules (or maybe both can) actually take over this role. Can someone who is using this virus scanning/url-blocking feature on the asa give me an idea on how detail rich the configuration options are? Is it very basic, just plug it in and one simple configuration, or is there a plethora of options for detailed configuration?

Thanks for any info!

(I'm still reading so hopefully I'll have a good grasp on this here soon)

1 Reply 1

robertblasey
Level 1
Level 1

Hi Snooter,

The CSC Module is a small TrendMicro Appliance that scans your Http (and Email?) traffic inline. This appliance might save you a proxy server. The AIP-SSM is a full blown Intrusion Prevention System that monitors the firewall traffic via its IPS signatures. You should have additional monitoring or correlation software (like Cisco MARS or Prelude/Prewikka) to help you manage and interpret your IPS data.

Regards

Robert

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: