Efficient e-mail-based and web-based security requires a robust solution that is expanded beyond the traditional perimeter, as new threats are emerging on a daily basis. The Cisco E-mail Security Appliances (ESA) and the Cisco Web Security Appliance (WSA) provide a great solution designed to protect corporate users against these threats. Cisco has added advanced malware protection (AMP) to the ESA and WSA to allow security administrators to detect and block malware and perform continuous analysis and retrospective alerting. Both the ESA and WSA use cloud-based security intelligence to allow protection before, during, and after an attack. This chapter covers these technologies and solutions in detail. You will learn mitigation technologies such as spam and antimalware filtering, data loss prevention (DLP), blacklisting, e-mail encryption, and web application filtering.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this chapters topics before you begin. Table 18-1 details the major topics discussed in this chapter and their corresponding quiz questions.
Table 18-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section
Mitigation Technology for E-mail-Based Threats
Mitigation Technology for Web-Based Threats
Which of the following features does the Cisco ESA provide? (Choose all that apply.)
- Network antivirus capabilities
- E-mail encryption
- Threat outbreak prevention
- Support for remote access SSL VPN connections
Which of the following Cisco ESA models are designed for mid-sized organizations? (Choose all that apply.)
- Cisco C380
- Cisco C670
- Cisco C680
- Cisco X1070
What is a spear phishing attack?
- Unsolicited e-mails sent to an attacker.
- A denial-of-service (DoS) attack against an e-mail server.
- E-mails that are directed to specific individuals or organizations. An attacker may obtain information about the targeted individual or organization from social media sites and other sources.
- Spam e-mails sent to numerous victims with the purpose of making money.
Which of the following e-mail authentication mechanisms are supported by the Cisco ESA? (Choose all that apply.)
- Sender Policy Framework (SPF)
- Sender ID Framework (SIDF)
- DomainKeys Identified Mail (DKIM)
- DomainKeys Mail Protection (DMP)
Which of the following is the operating system used by the Cisco WSA ?
- Cisco AsyncOS operating system
- Cisco IOS-XR Software
- Cisco IOS-XE Software
- Cisco IOS Software
- Cisco ASA Software
Which of the following connectors are supported by the Cisco CWS service? (Choose all that apply.)
- Cisco Security Manager (CSM)
- Cisco ASA
- Cisco ISR G2 routers
- Cisco AnyConnect Secure Mobility Client
- Cisco WSA
Which of the following features are supported by the Cisco WSA? (Choose all that apply.)
- File reputation
- File sandboxing
- Layer 4 traffic monitor
- Real-time e-mail scanning
- Third-party DLP integration
Cisco WSA can be deployed using the Web Cache Communication Protocol (WCCP) configured in which of the following modes? (Choose all that apply.)
- Multiple context mode
- Explicit proxy mode
- Transparent proxy mode
- Virtualized mode