Securing the Internet 'www' connections?

fahim · ‎09-19-2008

With an advanced Inspection and Prevention Security Services Module (AIP-SSM 20) for the Cisco ASA 5500 Series Adaptive Security Appliance residing at my perimeter, I am in need of choosing a solution for granting safe and secure Internet access to my 2000+ userbase on the inside. A solution that would suffice as my proxy/web caching needs too and possibly allowing me to do URL filtering according to my policy.

I was looking at secure computing's webwasher and Microsoft's ISA 2006 as possible solutions. Bluecoat is expensive. These guys tout of their L7 capabilities to detect malwares and scan HTTPS traffic but I feel that my AIP SSM should be able to do that job.

What do you guys advise!!? Wouldn't my SSM module check all the internet traffic floating by for all malwares/viruses/http attacks etc?

mhellman · ‎09-24-2008

WebWasher is good stuff. It does all those things you mention (proxy,content caching, URL filtering, anti-x). It is also very expensive though. It is absolutely a best of breed solution though and you get what you pay for. The ASA is just not best of breed. It is probably cheaper though so maybe it's "good enough".

The ASA AIP SSM just isn't designed to do the things you want. It is a network IPS. Cisco does have an ASA module for this called CSC-SSM.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80402e88.html

However, it doesn't proxy or cache. It isn't capable of inspecting HTTPS. For A LOT more reasons, it just isn't in the same league as WW.

ISA 2006 doesn't really do anything, by itself, to protect desktops. You don't need it with WW.