cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4940
Views
0
Helpful
13
Replies

TrendMicro Interscan on ASA - block https??

dimensyssrl
Level 1
Level 1

Is it possible to block urls that link to an https site? I've configured ASA to redirect to it this type of traffic, but it doesn't block it...

Thanks

Daniele

1 Accepted Solution

Accepted Solutions

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc1.html

..."Trend Micro InterScan for Cisco CSC SSM (Content Security and Control Security Services Module) provides an all-in-one antivirus and spyware management solution for your network. This guide provides a conceptual explanation of how to manage the CSC SSM, which is resident in your Cisco appliance to do the following:

•Detect and take action on viruses, worms, Trojans, and other threats in your SMTP, POP3, HTTP, and FTP network traffic

Note Traffic utilizing other protocols, such as HTTPS, is not scanned by CSC SSM.

•Block compressed or very large files that exceed specified parameters

•Scan for and remove spyware, adware, and other types of grayware ..."

View solution in original post

13 Replies 13

Farrukh Haroon
VIP Alumni
VIP Alumni

Different web servers implement redirection in different ways, it would be very difficult to block all of these on the ASA).

You want to block HTTPS websites or redirection? This redirection is actually a security enhancement feature, why do you want to block it?

Regards

Farrukh

I want to block certain sites/urls, like for example:

https://www.facebook.com/

Now I've configured InterScan to block this domain, but if I try to connect in https it doesn't block this connection (while if I try in http it block connection properly).

Thanks

Daniele

Are you using Cisco ASA CSC module or a standalone TrendMicro IWSS?

Btw what string hvae you configured in the blocking? Have you used wildcards?

Regards

Farrukh

I'm using ASA CSC module.

I've configured:

Web (HTTP) --> URL Blocking --> URL keyword (example: 'yyy' string matches all URLs containing 'yyy')

and inserted there facebook.

So, CSC insert *facebook* into Block List.

But then it blocks only http connection and not https ones.

Into ASA configuration, I've configured http and https traffic to be redirected to CSC...

anyone that can help me?

It works perfectly fine on our Trendmicro IWSS server, here is a sample block message:

IWSS Security Event

Access to this URL is currently restricted due to a blocking rule.

URL: www.apple.com:443

Rule: Block URLs of type Administrator-defined

If you feel you have reached this message in error, please contact your network administrator.

Please can you send me the screenshot of the page where you configured the block URLS in the CSC module?

Regards

Farrukh

Here it is.

There is asa traffic redirection configuration also.

My ip is into network 10.168.32.0/24.

If I try https://www.facebook.com/ it doesn't block me.

If I try http://www.facebook.com/ it block me.

Thanks and sorry for the delay in my reply.

I can't understand why this happens... Configuration is the same for http or https traffic...

Is there anybody out there that can explain me why?

As far as I know the csc trenmicro module does not do https, only http. Maybe you can confirm this with TAC.

http://www.cisco.com/en/US/docs/security/csc/csc60/administration/guide/csc1.html

..."Trend Micro InterScan for Cisco CSC SSM (Content Security and Control Security Services Module) provides an all-in-one antivirus and spyware management solution for your network. This guide provides a conceptual explanation of how to manage the CSC SSM, which is resident in your Cisco appliance to do the following:

•Detect and take action on viruses, worms, Trojans, and other threats in your SMTP, POP3, HTTP, and FTP network traffic

Note Traffic utilizing other protocols, such as HTTPS, is not scanned by CSC SSM.

•Block compressed or very large files that exceed specified parameters

•Scan for and remove spyware, adware, and other types of grayware ..."

Dear Daniele

I mentioned in my post that it works on a standalone Trendmicro IWSS server, meaning we have the IWSS software running on our proxy servers (via proxy chaining). HTTPS filtering works on the Standalone IWSS software.

(As it appears from the documentation) Cisco/Trend Micro have disabled this HTTPS filtering capability in the CSC Module's IWSS software. Only Cisco/TM can comment on this, but it could be due to performance issues, CSC topology (traffic via back plane) etc.

Regards

Farrukh

Thanks to all.

Daniele

Review Cisco Networking for a $25 gift card