
Access Control
Access control is a policy-based feature that allows you to specify, inspect, and log the traffic that can
traverse your network. An access control policy determines how the system handles traffic on your
network.
The simplest access control policy handles all traffic using its default action. You can set this default
action to block or trust all traffic without further inspection, or to inspect traffic for intrusions.
A more complex access control policy can blacklist traffic based on Security Intelligence data, as well
as use access control rules to exert granular control over network traffic logging and handling. These
rules can be simple or complex, matching and inspecting traffic using multiple criteria; you can control
traffic by security zone, network or geographical location, port, application, requested URL, and user.
Advanced access control options include preprocessing and performance.
Each access control rule also has an action, which determines whether you monitor, trust, block, or allow matching traffic. When you allow traffic, you can specify that the system first inspect it with intrusion or file policies to block any exploits, malware, or prohibited files before they reach your assets or exit your network.
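The handling described above, modeled in Python as an added example; it is not Cisco code and not part of the original document. Rule names, condition keys and addresses are constructed, and the model assumes that the Security Intelligence blacklist is checked before any rule, that rules are evaluated top-down with the first match deciding, and that a monitor rule only logs and lets evaluation continue.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    action: str                  # "monitor", "trust", "block" or "allow"
    conditions: dict = field(default_factory=dict)
    inspect: tuple = ()          # policies applied before an "allow" is final

def matches(rule, conn):
    """Every condition the rule specifies must match the connection."""
    for key, want in rule.conditions.items():
        if key == "network":
            if ipaddress.ip_address(conn["src_ip"]) not in ipaddress.ip_network(want):
                return False
        elif conn.get(key) != want:
            return False
    return True

def evaluate(conn, rules, blacklist, default_action):
    """Return (verdict, inspections, log) for one connection."""
    addrs = [ipaddress.ip_address(conn[k]) for k in ("src_ip", "dst_ip")]
    if any(a in ipaddress.ip_network(n) for a in addrs for n in blacklist):
        return "block", (), ["Security Intelligence blacklist"]
    log = []
    for rule in rules:                      # assumption: top-down, first match wins
        if not matches(rule, conn):
            continue
        log.append(f"{rule.name}: {rule.action}")
        if rule.action == "monitor":        # assumption: log only, keep evaluating
            continue
        inspections = rule.inspect if rule.action == "allow" else ()
        return rule.action, inspections, log
    log.append(f"default action: {default_action}")
    if default_action == "inspect":         # default action of intrusion inspection
        return "allow", ("intrusion",), log
    return default_action, (), log          # "block" or "trust", no inspection

# Constructed sample policy; addresses come from the documentation ranges.
BLACKLIST = ["203.0.113.0/24"]
RULES = [
    Rule("log-inside", "monitor", {"zone": "inside"}),
    Rule("trust-backup", "trust", {"network": "192.0.2.16/28", "port": 873}),
    Rule("block-p2p", "block", {"application": "BitTorrent"}),
    Rule("allow-web", "allow", {"zone": "inside", "port": 443}, ("intrusion", "file")),
]

if __name__ == "__main__":
    conn = {"src_ip": "192.0.2.40", "dst_ip": "198.51.100.7", "zone": "inside", "port": 443}
    print(evaluate(conn, RULES, BLACKLIST, "block"))
```

Only the allow path returns a non-empty inspection list: trusted and blocked connections, and a block or trust default action, never reach the intrusion or file policies.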
Intrusion Detection and Prevention
Intrusion detection and prevention is the system’s last line of defense before traffic is allowed to its
destination. Intrusion policies are defined sets of intrusion detection and prevention configurations
invoked by your access control policy. Using intrusion rules and other settings, these policies inspect
traffic for security violations and, in inline deployments, can block or alter malicious traffic.
If the system-provided policies do not fully address the security needs of your organization, custom
policies can improve the performance of the system in your environment and can provide a focused view of the malicious traffic and policy violations occurring on your network. By creating and tuning custom policies you can configure, at a very granular level, how the system processes and inspects the traffic on your network for intrusions.
Advanced Malware Protection and File Control
To help you identify and mitigate the effects of malware, the ASA FirePOWER module’s file control and advanced malware protection components can detect, track, capture, analyze, and optionally block the transmission of files (including malware files and nested files inside archive files) in network traffic.
File Control
File control allows devices to detect and block your users from uploading (sending) or downloading
(receiving) files of specific types over specific application protocols. You configure file control as part
of your overall access control configuration; file policies associated with access control rules inspect
network traffic that meets rule conditions.
Network-Based Advanced Malware Protection (AMP)
Network-based advanced malware protection (AMP) allows the system to inspect network traffic for
malware in several types of files.
Regardless of whether you store a detected file, you can submit it to the Collective Security Intelligence
Cloud for a simple known-disposition lookup using the file’s SHA-256 hash value. Using this contextual information, you can configure the system to block or allow specific files.
You configure malware protection as part of your overall access control configuration; file policies
associated with access control rules inspect network traffic that meets rule conditions.
Application Programming Interfaces
There are several ways to interact with the system using application programming interfaces (APIs). For
detailed information, you can download additional documentation from either of the following Support Sites:
Sourcefire: (https://support.sourcefire.com/)
Cisco: (http://www.cisco.com/cisco/web/support/index.html)