攻城狮论坛

Author: oracat
Views: 655 | Replies: 0

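[Study Notes] Cisco SourceFire's Four Functional Modules: Access Control, Intrusion Detection and Prevention, Advanced Malware Protection, and File Control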

oracat [Lv9 Omnipotent] posted on 2015-11-29 17:32:06
Access Control
Access control is a policy-based feature that allows you to specify, inspect, and log the traffic that can traverse your network. An access control policy determines how the system handles traffic on your network.

The simplest access control policy handles all traffic using its default action. You can set this default action to block or trust all traffic without further inspection, or to inspect traffic for intrusions.

A more complex access control policy can blacklist traffic based on Security Intelligence data, as well as use access control rules to exert granular control over network traffic logging and handling. These rules can be simple or complex, matching and inspecting traffic using multiple criteria; you can control traffic by security zone, network or geographical location, port, application, requested URL, and user. Advanced access control options include preprocessing and performance.

Each access control rule also has an action, which determines whether you monitor, trust, block, or allow matching traffic. When you allow traffic, you can specify that the system first inspect it with intrusion or file policies to block any exploits, malware, or prohibited files before they reach your assets or exit your network.

Intrusion Detection and Prevention
Intrusion detection and prevention is the system’s last line of defense before traffic is allowed to its destination. Intrusion policies are defined sets of intrusion detection and prevention configurations invoked by your access control policy. Using intrusion rules and other settings, these policies inspect traffic for security violations and, in inline deployments, can block or alter malicious traffic.

If the system-provided policies do not fully address the security needs of your organization, custom policies can improve the performance of the system in your environment and can provide a focused view of the malicious traffic and policy violations occurring on your network. By creating and tuning custom policies you can configure, at a very granular level, how the system processes and inspects the traffic on your network for intrusions.


Advanced Malware Protection and File Control
To help you identify and mitigate the effects of malware, the ASA FirePOWER module’s file control and advanced malware protection components can detect, track, capture, analyze, and optionally block the transmission of files (including malware files and nested files inside archive files) in network traffic.

File Control
File control allows devices to detect and block your users from uploading (sending) or downloading (receiving) files of specific types over specific application protocols. You configure file control as part of your overall access control configuration; file policies associated with access control rules inspect network traffic that meets rule conditions.

Network-Based Advanced Malware Protection (AMP)
Network-based advanced malware protection (AMP) allows the system to inspect network traffic for malware in several types of files.

Regardless of whether you store a detected file, you can submit it to the Collective Security Intelligence Cloud for a simple known-disposition lookup using the file’s SHA-256 hash value. Using this contextual information, you can configure the system to block or allow specific files.

You configure malware protection as part of your overall access control configuration; file policies associated with access control rules inspect network traffic that meets rule conditions.


Application Programming Interfaces
There are several ways to interact with the system using application programming interfaces (APIs). For detailed information, you can download additional documentation from either of the following Support Sites:
Sourcefire: (https://support.sourcefire.com/)
Cisco: (http://www.cisco.com/cisco/web/support/index.html)
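
The access control flow described in the notes above (Security Intelligence blacklist, then rules with monitor/trust/block/allow actions, then the default action), sketched as a simplified model. This is an added example, not code from the post or from Cisco: the `Rule` class, the `evaluate` function, the condition keys and all addresses are hypothetical, and it assumes top-down first-match evaluation in which a monitor rule only logs and lets evaluation continue.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    action: str                       # "monitor", "trust", "block" or "allow"
    conditions: dict = field(default_factory=dict)
    inspect: tuple = ()               # policies applied when action is "allow"

    def matches(self, conn):
        for key, wanted in self.conditions.items():
            if key == "network":      # assumption: matched against the source IP
                if ip_address(conn["src_ip"]) not in ip_network(wanted):
                    return False
            elif conn.get(key) != wanted:
                return False
        return True

def evaluate(conn, blacklist, rules, default_action):
    """Return (verdict, inspections, matched) for one connection."""
    # 1. Security Intelligence blacklist is consulted before any rule.
    if conn["src_ip"] in blacklist or conn["dst_ip"] in blacklist:
        return "block", (), ["security-intelligence"]
    matched = []
    # 2. Rules run top-down; a monitor rule only logs, the others decide.
    for rule in rules:
        if not rule.matches(conn):
            continue
        matched.append(rule.name)
        if rule.action == "monitor":
            continue
        # Only "allow" hands traffic to intrusion/file inspection.
        inspections = rule.inspect if rule.action == "allow" else ()
        return rule.action, inspections, matched
    # 3. Nothing decided: the default action applies.
    matched.append("default-action")
    if default_action == "inspect":   # default action that inspects for intrusions
        return "allow", ("intrusion",), matched
    return default_action, (), matched

# Constructed sample policy and connections (documentation address ranges).
BLACKLIST = {"203.0.113.66"}
RULES = [
    Rule("log-dmz", "monitor", {"zone": "dmz"}),
    Rule("trust-backup", "trust", {"network": "10.0.5.0/24", "port": 873}),
    Rule("block-p2p", "block", {"application": "bittorrent"}),
    Rule("allow-web", "allow", {"port": 443}, inspect=("intrusion", "file")),
]
WEB = {"src_ip": "10.0.1.10", "dst_ip": "198.51.100.7", "zone": "dmz", "port": 443}
print(evaluate(WEB, BLACKLIST, RULES, "inspect"))
```

A trusted or blocked connection returns an empty inspection tuple, which is the practical reason to keep broad trust rules rare: traffic they match never reaches the intrusion or file policies.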

