Re: Securing the internet connections

[Matt - MRS Security <matt () mrssecurity com>]

WALI wrote:
> With an advanced Inspection and Prevention Security Services Module 
> (AIP-SSM) for the Cisco ASA 5500 Series Adaptive Security Appliance 
> residing at my perimeter, I am in need of choosing a solution for 
> granting safe and secure Internet access to my 2000+ userbase on the 
> inside. A solution that would suffice as my proxy/web caching needs 
> too and possibly allowing me to do URL filtering according to my policy.
>
> I was looking at secure computing's webwasher and Microsoft's ISA 2006 
> as possible solutions. Bluecoat is expensive. These guys tout of their 
> L7 capabilities to detect malwares and scan HTTPS traffic but I feel 
> that my AIP SSM should be able to do that job.
>
> What do you guys advise!!?
Go down the route of ISA server IMHO.

Much easier to intergrate into the domain and active directory services 
(as it pretty much just plugs in).

Bluecoat in my experience is pants, i have seen it rolled out into very 
big companies (think leading UK gas company) it did not work, they 
turned it off and now their just sitting in a rack doing nothing. What a 
waste of cash!

If you do decide to go with ISA server, look at malwaredomains.com they 
have a updated daily-ish list of known malware domains which you can 
block (limiting scope of a) infection b) further infection c) control of 
infected PC's and of course anything flagged will lead you to a 
potential infection on that PC.

I personally would not rely on one device i.e. Cisco ASA to handle all 
prevention. I would look at layering up security to reduce potential 
exposure.

I would consider a firewall rule review on the backend of installing a 
ISA to make sure that there are no rules that might allow direct 
internet leakage.

Thanks

Matt.