topic Re: TrendMicro Interscan on ASA - block https?? in Network Security

TrendMicro Interscan on ASA - block https??

dimensyssrl — Fri, 21 Feb 2020 11:31:06 GMT

Is it possible to block urls that link to an https site? I've configured ASA to redirect to it this type of traffic, but it doesn't block it...

Thanks

Daniele

Re: TrendMicro Interscan on ASA - block https??

Farrukh Haroon — Wed, 17 Jun 2009 06:57:06 GMT

Different web servers implement redirection in different ways, it would be very difficult to block all of these on the ASA).

You want to block HTTPS websites or redirection? This redirection is actually a security enhancement feature, why do you want to block it?

Regards

Farrukh

Re: TrendMicro Interscan on ASA - block https??

dimensyssrl — Thu, 25 Jun 2009 09:21:13 GMT

I want to block certain sites/urls, like for example:

https://www.facebook.com/

Now I've configured InterScan to block this domain, but if I try to connect in https it doesn't block this connection (while if I try in http it block connection properly).

Thanks

Daniele

Re: TrendMicro Interscan on ASA - block https??

Farrukh Haroon — Thu, 25 Jun 2009 09:24:09 GMT

Are you using Cisco ASA CSC module or a standalone TrendMicro IWSS?

Btw what string hvae you configured in the blocking? Have you used wildcards?

Regards

Farrukh

Re: TrendMicro Interscan on ASA - block https??

dimensyssrl — Thu, 25 Jun 2009 09:31:17 GMT

I'm using ASA CSC module.

I've configured:

Web (HTTP) --> URL Blocking --> URL keyword (example: 'yyy' string matches all URLs containing 'yyy')

and inserted there facebook.

So, CSC insert *facebook* into Block List.

But then it blocks only http connection and not https ones.

Into ASA configuration, I've configured http and https traffic to be redirected to CSC...

Re: TrendMicro Interscan on ASA - block https??

dimensyssrl — Thu, 23 Jul 2009 09:54:15 GMT

anyone that can help me?

Re: TrendMicro Interscan on ASA - block https??

Farrukh Haroon — Sat, 25 Jul 2009 05:52:04 GMT

It works perfectly fine on our Trendmicro IWSS server, here is a sample block message:

IWSS Security Event

Access to this URL is currently restricted due to a blocking rule.

URL: www.apple.com:443

Rule: Block URLs of type Administrator-defined

If you feel you have reached this message in error, please contact your network administrator.

Please can you send me the screenshot of the page where you configured the block URLS in the CSC module?

Regards

Farrukh

Re: TrendMicro Interscan on ASA - block https??

dimensyssrl — Wed, 29 Jul 2009 08:23:02 GMT

Here it is.

There is asa traffic redirection configuration also.

My ip is into network 10.168.32.0/24.

If I try https://www.facebook.com/ it doesn't block me.

If I try http://www.facebook.com/ it block me.

Thanks and sorry for the delay in my reply.

Re: TrendMicro Interscan on ASA - block https??

dimensyssrl — Thu, 30 Jul 2009 09:52:31 GMT

I can't understand why this happens... Configuration is the same for http or https traffic...

Is there anybody out there that can explain me why?

Re: TrendMicro Interscan on ASA - block https??

kwillacey — Fri, 31 Jul 2009 20:50:56 GMT

As far as I know the csc trenmicro module does not do https, only http. Maybe you can confirm this with TAC.

Re: TrendMicro Interscan on ASA - block https??

dfarrell — Fri, 31 Jul 2009 23:33:06 GMT

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc1.html

..."Trend Micro InterScan for Cisco CSC SSM (Content Security and Control Security Services Module) provides an all-in-one antivirus and spyware management solution for your network. This guide provides a conceptual explanation of how to manage the CSC SSM, which is resident in your Cisco appliance to do the following:

â€¢Detect and take action on viruses, worms, Trojans, and other threats in your SMTP, POP3, HTTP, and FTP network traffic

Note Traffic utilizing other protocols, such as HTTPS, is not scanned by CSC SSM.

â€¢Block compressed or very large files that exceed specified parameters

â€¢Scan for and remove spyware, adware, and other types of grayware ..."

Re: TrendMicro Interscan on ASA - block https??

dimensyssrl — Wed, 05 Aug 2009 07:11:42 GMT

Thanks for your reply.

So, this message what means?

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&topicID=.ee6e1f8&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cd35b61/5#selected_message

Daniele

Re: TrendMicro Interscan on ASA - block https??

Farrukh Haroon — Wed, 05 Aug 2009 07:25:33 GMT

Dear Daniele

I mentioned in my post that it works on a standalone Trendmicro IWSS server, meaning we have the IWSS software running on our proxy servers (via proxy chaining). HTTPS filtering works on the Standalone IWSS software.

(As it appears from the documentation) Cisco/Trend Micro have disabled this HTTPS filtering capability in the CSC Module's IWSS software. Only Cisco/TM can comment on this, but it could be due to performance issues, CSC topology (traffic via back plane) etc.

Regards

Farrukh

Re: TrendMicro Interscan on ASA - block https??

dimensyssrl — Wed, 05 Aug 2009 08:12:35 GMT

Thanks to all.

Daniele