Ironport Web Security self study guide

Similar Messages

• Question about IDS Self Study Guide for IDS

  Hello,
  i'm searching for a self study guide for the ips (ASA-SSM-10/20) where i can see how to configure signatures and deployment.
  Thanks in advance for your help
  regards
  Klaus

  The signature configuration for the SSM module is identical to any of the other IPS sensors. The root of all IPS documentation is here:
  http://cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_series_home.html
  Here is the ASA 7.1 doc on how to move traffic to the SSM
  http://cisco.com/en/US/docs/security/asa/asa71/configuration/guide/ssm.html

• Searching book "Oracle performance 11G - Self study guide"

  Hello all,
  I'm searching hardly the course "Oracle performance 11G - self study guide" to download.
  It's shorter and speaks about the essential things ... unlike the standard guide "Oracle® Database Performance Tuning Guide 11g Release 2 (11.2)"
  I's impossible for me to buy it, because of his price about 1500$.
  So I'm asking if someone can lend it to me, or tell me where I can download it ...
  Thanks in advance.

  Hi;
  Did you try to use google? Please see:
  http://www.google.co.uk/search?hl=en&q=%22Oracle+performance+11G+-Selfstudy+guide&meta=
  Regard
  Helios

• Ironport web security appliance

  Hi,
  Just want to check if the IRONPORT
  S series web security appliances support
  failover/clustering of 2 boxes.
  thanks,

  Each Cisco IronPort web security appliance can be configured as a standalone proxy or to co-exist with other proxies (such as in a proxy hierarchy for conditional routing, failover and load balancing

• Configure 2 Ironport web security boxes in HA mode

  Hi ALL,
  i want to ask something about ironport web security that how can i connect 2 boxes for HA.if top of that i have already 2 core switches in HSRP .
  Regards
  Prakash

  Prakash,
  HA for WSA boxes is a function of how you get the traffic to them.  If you're using explicit proxy, you can configure the PAC file for failover, or use DNS to resolve the proxy and let the DNS determine where to send it (DNS LB).  You could also use a web load balancer...
  If you're using WCCP, you could run that on the HRSP router or set it on your firewall(s).  If its on the router, you need to subscribe both WSA's to both routers, and make sure the access lists for the WCCP directed at one WSA don't process traffic from the other WSA.  (search the forum...) 

• Cisco IronPort Web Security 7.5 (Async OS).

  Hi All,
  Can anybody provide me the W3C sample logs of Cisco IronPort Web Security 7.5 (Async OS).
  Thanks,
  Sachin.

  "05/Oct/2012:10:17:00 +0200" 2152 NONE - 10.0.0.1 NONE 504 0 GET http://www.cisco.com/index.html - ALLOW_CUSTOMCAT_11-Intranet_Access-Intranet_Access_RD-NONE-NONE-NONE-Intranet  "Intranet"

• Design guides for Ironport Web Security

  Hi All,
  I am looking for a proxy solution for our enterprise network, and considering Ironport WebSecurity S370 appliance.
  I am just curious if there is any good design guides on how to properly implement Ironport on the network.
  I need best practices documents, i.e.  can I place two units with one virtual IP address and so on.
  Thanks!

  WSA's don't cluster, with a shared virtual IP, how you handle mulitple WSA boxes is a function of how you're redirecting traffic to them.
       WCCP - you just add them as multiple WCCP destinations
       PAC file - you add seperate entries and the browser/app figures out which one is available.
       Policy Based Routing (eg. no Cisco router) - I'm not sure, as I've never done it.
  You might be able to use a load balancer, but my feeling is that gets too complicated.
  I used this to set up one box using WCCP
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/H1CY11/SBA_Mid_BN_WebSecurityDeploymentGuide-H1CY11.pdf
  There's a caveat when you use WCCP for 2 boxes, you need to tweak the ACL so that you don't get loops:
  http://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=1603&p_created=1278697344&p_sid=zzjbITyk&p_accessibility=0&p_redirect=0&p_srch=1&p_lva=772&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9MzA4LDMwOCZwX3Byb2RzPTAmcF9jYXRzPTAmcF9wdj0mcF9jdj0mcF9zZWFyY2hfdHlwZT1hbnN3ZXJzLnNlYXJjaF9ubCZwX3BhZ2U9MSZwX3NlYXJjaF90ZXh0PW11bHRpcGxlIFdTQQ!!&p_li=cF91c2VyaWQ9MXJvblAwcnQmcF9wYXNzd2Q9Zm8wQmE1&p_topview=1

• Ask the Expert:Cisco Web Security

  With Ryan Wager
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about design, configuration and troubleshooting of the Cisco Web Security Solutions including Cisco Ironport WSA and Cisco ScanSafe with Cisco experts Kiran Sirupa and Ryan Wager. Kiran Sirupa is a technical marketing engineer in the product marketing team for the Cisco IronPort Web Security Appliance product line. He also works on documentation, partner ,and system engineering training. Kiran has been working in the Cisco Security Technologies group for more than six years. Ryan Wager is a technical marketing engineer at Cisco in the product management team for the ScanSafe Web Security platform. He is heavily involved with the product's integration with the Cisco Integrated Services Router Generation 2 platform, along with documentation, training, and testing of all new products and features. Before joining the product management team, Wagner spent two years as an implementation engineer helping ScanSafe's largest customers implement the platform into their networks.
  Remember to use the rating system to let Kiran and Ryan know if you have received an adequate response.  
  They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security sub-community, discussion forum shortly after the event. This event lasts through October 7, 2011.. Visit this forum often to view responses to your questions and the questions of other community members.

  Yes, the IronPort WSA will support all the security functions including Anti-Virus, Anti-Malware, Anti-Spyware, Web Reputation when working in conjunction with an existing proxy.
  There are two conditions:
  1. WSA acts as an upstream proxy - In this case, the authentication will be handled by your existing proxy, but the WSA is the first layer of defense. The WSA will perform a lookup in its web reputation database based on the destination. Also, The WSA can scan the http response with Anti-Virus, Anti-SpyWare and Anti-Malware software. However, since the WSA doesn't have user authentication information, you can only apply global controls for Acceptable Use.
  2. WSA has to go through an existing upstream proxy - In this case, the WSA has all the security functionality. In addition, it also handles the authentication. Hence, you can apply role based controls.
  You may refer to the following links for more information:
  WSA Product Literature: http://www.cisco.com/en/US/products/ps10164/prod_literature.html
  Cisco Security Reports: http://www.cisco.com/en/US/prod/vpndevc/annual_security_report.html
  Cisco Security Intelligence Operations: http://tools.cisco.com/security/center/home.x

• Cisco ISE or NAC Guest with web security (IronPort) integration

  All,
  We have a scenario where guests will be authenticated against the ISE or NAC Guest server, and customer will place an IronPort to provide web security, however, we can not find referentes whether IronPort can or cannot integrate with Guest Server, so that guests are not requested to be authenticated twice, one by the Guest Server, a one by the proxy. The idea is to keep it transparent for the guests with a single authentication.
  Has anyone there implemented such scenario?
  Thank you!

  I see. So, lets say we disable proxy authentication for the guest segment, can I still provide content filter for the segment, even though there is no proxy authentication? I assume customer will lose the reportinga and tracking granularity, but the scenario will work withou proxy authentication. This may be some sort of "man in the middle" only, but with content filter. Does it make sense?
  Thank you!

• Best study-guide for CCNA Security

  Hi..fellows !!
  Wts the Best study-guide for CCNA Security..?? Guys I need it including Authors also...
  Best Regards
  Nuwan

  Hi ,
  I Recently Completed My CCNA-Security Exam & I Followed MW&KW. It is Good. It Covers ALL required for the Exam!!!

• CCNP Security Study Guide

  Hi..
  Could anyone pls share me link to download book in pdf of CCNP Security Study guide.

  Hi,
  I would imagine you could go to the Cisco Press site and buy the eBook. I have not bought any myself. I have gotten the previous books through courses I have taken.
  http://www.ciscopress.com/markets/detail.asp?st=44730
  I only just started getting the certifications myself so I have just done CCNA R&S and will probably go on taking CCNA Security.
  Personally I will probably prefer the actual book than an eBook/PDF
  - Jouni

• I just got a message, Apple web security is detected that your system is infected

  I tried to open an email messsage and got a message "Apple web security is detcted that your system in infected. Is this coming from Apple? Inmediately after I started receiving ***** sites...

  If you haven't downloaded anything or clicked on any links in the web page, then simply delete the email message from your email program.  If you have clicked on something then you may have infected your computer with a trojan.  In that case see the following:
  Trojan War
  If you discover a trojan program is running on your computer then look to the following information for assistance:
  1. A recent discussion on the Apple Support Communities: MacDefender Trojan.
  2. An excellent site devoted to Mac Malware: Macintosh Virus Guide
  3. Another site for removing MacDefende, et.al.: MAC Defender Rogue Anti-Virus analysis and Removal
  Removing strange software can be a task.  The following outlines various ways of uninstalling software:
  Uninstalling Software: The Basics
  Most OS X applications are completely self-contained "packages" that can be uninstalled by simply dragging the application to the Trash.  Applications may create preference files that are stored in the /Home/Library/Preferences/ folder.  Although they do nothing once you delete the associated application, they do take up some disk space.  If you want you can look for them in the above location and delete them, too.
  Some applications may install an uninstaller program that can be used to remove the application.  In some cases the uninstaller may be part of the application's installer, and is invoked by clicking on a Customize button that will appear during the install process.
  Some applications may install components in the /Home/Library/Applications Support/ folder.  You can also check there to see if the application has created a folder.  You can also delete the folder that's in the Applications Support folder.  Again, they don't do anything but take up disk space once the application is trashed.
  Some applications may install a Startup item or a Log In item.  Startup items are usually installed in the /Library/StartupItems/ folder and less often in the /Home/Library/StartupItems/ folder.  Log In Items are set in the Accounts preferences.  Open System Preferences, click on the Accounts icon, then click on the LogIn Items tab.  Locate the item in the list for the application you want to remove and click on the Delete [-] button to delete it from the list.
  Some software use startup daemons or agents that are a new feature of the OS.  Look for them in /Library/LaunchAgents/ and /Library/LaunchDaemons/ or in /Home/Library/LaunchAgents/.
  If an application installs any other files the best way to track them down is to do a Finder search using the application name or the developer name as the search term.  Unfortunately Spotlight will not look in certain folders by default.  You can modify Spotlight's behavior or use a third-party search utility, Easy Find, instead.  Download Easy Find at VersionTracker or MacUpdate.
  Some applications install a receipt in the /Library/Receipts/ folder.  Usually with the same name as the program or the developer.  The item generally has a ".pkg" extension.  Be sure you also delete this item as some programs use it to determine if it's already installed.
  There are many utilities that can uninstall applications.  Note that you must have this software installed before you install software you may need to uninstall.  Uninstallers won't work if you install them after the fact.  Here is a selection:
  AppZapper
  Automaton
  Hazel
  CleanApp
  Yank
  SuperPop
  Uninstaller
  Spring Cleaning
  Look for them and others at VersionTracker or MacUpdate.
  For more information visit The XLab FAQs and read the FAQs on removing software and dealing with spyware and malware.
  After removing all the components of the software you may have to restart the computer to fully disable the software.  This will be the case when removing software that has installed a daemon.  After the daemon has been removed you need to restart the computer to stop the daemon.  Alternatively, you can kill the daemon process using the Terminal application or Activity Monitor.

• How to get user 'logged in' to ironport web filter without launching IE

  We have an issue with some employees who use third party programs that traverse the Internet.  These programs are 100% allowed by the organization as they are required for day to day business.  Some programs go over the Internet to communicate for certain reasons, such as a live chat help support, or ordering products, etc..
  The problem is that some of these users log in and never even touch Internet Explorer for awhile.  They will go on and start working right away.  Well if they don't try to access an Internet site via IE, then the Ironport does not 'log them in', and they are known as unauthenticated.  Of course this doesn't happen with everyone.  There's nothing wrong with people coming in a little early and checking the local news online.
  We were thinking up if it's possible to have each user 'touch' the ironport web filter in some way during a logon script, unbeknown to the end user, so that they are 'signed in' and whatever Internet connected application they launch has access through to the Internet.  Right now they need to at least launch IE and go to some site (say Google or MSN) and via NTLM credentials transparently passed through IE7, 8 or 9, they can simply close the page and go about their business.  Note: they MUST go to an external site.... not an internally hosted one (such as our Intranet, time clock or HR self service pages).
  So is there any commands we can put in via kix or bat or something that will say "Hey Ironport, %username% just logged in at 10.x.x.x".  Then maybe to make it more advanced, a logoff script that says "Hey Ironport, %username% just logged OFF of 10.x.x.x".  This way when our hourly timeout happens, they aren't immediately booted from their Internet applications (if they don't keep an IE window open that is).
  Right now our ASA Firewall uses WCCP to forward port 80 to the ironport web filter.  The Ironport is a transparent proxy.
  Thanks!

  So it looks like you are moving the authentication from the Ironport S160 to the ASA5500 series firewall?
  I guess we are looking at something simpler, like a way to 'touch' the internet and pass NTLM credentials, because then the Ironport knows who the user is.
  If the user does not 'touch' the internet with IE, and say they use some other program that does not pass NTLM credentials (say Firefox or live chat program, or an ftp program, etc...) They are likely to be blocked, because the Ironport doesn't know who they are.
  Your link seems to lead to a complicated setup for something that seems so simple.  I'm not sure how that relates to an Ironport S160.. it seems to focus on the ASA5500. Also we want it to be completely 100% transparent to the end user.
  This is how it worked with a Barracuda web filter appliance...
  A DCAgent program sat on each domain controller. As users logged in or out of the domain, this agent passed this current activity to the Barracuda web filter appliance.
  The Barracuda appliance knew exactly who was logged in because of this little program on the domain controller(s) that kept it updated. Based on this, policies could be assigned based on Active Directory group memberships. ie) HR and Marketing can access Facebook, while others cannot.
  I guess I'm looking for similar functionality with the Ironport S160. If there's any way the domain controller, or even the client PC can say "Hey Ironport, %username% is logged on here at %ip_address%". That way the Ironport would know who they are, and there would be no unnecessary authentication boxes (besides the user logging into the windows domain). They could use internet connected apps that do not pass NTLM authentication. I guess the client PC or the domain controller would also have to tell the IronPort when they signed off, just so we don't have to deal with authentication timeouts. This way, say they are in our internet chat help program... after an hour, it will cut out and disconnect them - because the IronPort forgets who they are (unless they are actively using the internet with IE).
  So for now, we just use the bypass option for the affected internet services.  The default browser is IE, so the reality is that we are not suffering any tremendous inconvienence.  It's just that we want to ensure we have the best robust solution, and we can handle these types of situations with programs other than IE accessing internet resources.

• OCA 1Z0-051 self-study material guidance

  Hi!
  I'm preparing for OCA 1Z0-051 exam and have been reading the book "OCA Oracle Database 11g SQL Fundamentals I Exam Guide: Exam 1Z0-051 (Osborne ORACLE Press Series)". I have few questions:
  - Is the book enough for preparing and passing the exam? If not, what other books do I need to study?
  - Apart from the book's questions, do I also need to try some other exam practice? If yes, could you please provide me the info.
  For me it is not possible to attend training. However, I can do self-study. Apart from the above book, if I'm missing something in the self-study, could you please guide me.
  Many thanks and looking forward to your kind reply!
  Edited by: user13019636 on Jun 8, 2010 4:45 AM

  user13019636 wrote:
  Hi!
  I'm preparing for OCA 1Z0-051 exam and have been reading the book "OCA Oracle Database 11g SQL Fundamentals I Exam Guide: Exam 1Z0-051 (Osborne ORACLE Press Series)". I have few questions:
  - Is the book enough for preparing and passing the exam? If not, what other books do I need to study?
  - Apart from the book's questions, do I also need to try some other exam practice? If yes, could you please provide me the info.I would always recommend the oracle univsersity's books but since you have mentioned that you can't go for training, then using the SQL Developer guide from the oracle documentation at http://tahiti.oracle.com would be another thing to refer time to time. Please note that I have not read your mentioned book so I can't comment about it precisely.
  For me it is not possible to attend training. However, I can do self-study. Apart from the above book, if I'm missing something in the self-study, could you please guide me.I believe for sql exam, more than reading, its more important how much you have understood the logic of the question and can use different options to achieve the required result. So I would suggest that you do more practice about different problems. Thats what is main required for going for the sql paper.
  HTH
  Aman....
  Many thanks and looking forward to your kind reply!

• SAP WM Documentation for self study

  Dear All,
  I am SAP MM consultant & I am interested to learn SAP WM.
  Can you please help/guide me to get SAP WM documentation for self study.
  I appreciate your advise to learn SAPWM in better way. Thanks in advance.
  Regards
  BSA

  Dear Basavaraj,
     You can Download to PDF by clicking onto Download option right hand side top of the screen.You can download all the units and read it when you are offline. It will be very usefull.
  Warehouse Structure in the Warehouse Management System - Warehouse Management System (WMS) - SAP Library
  Regards,
  Irfan