
Tuesday, 8 May 2012

Security Services Modules

Many of the ASA models can accept one Security Services Module (SSM). The SSM contains
dedicated hardware that can offload specialized or processor-intensive functions.
Cisco offers the Advanced Inspection and Prevention (AIP) SSM, the Content Security
and Control (CSC) SSM, and the 4-port Gigabit Ethernet (4GE) SSM, which are shown in Figure



Note: The AIP-SSM and the CSC-SSM use identical hardware form factors, but run
entirely different software.



The CSC-SSM performs comprehensive antivirus, antispyware, antispam, antiphishing,
file blocking, URL blocking and filtering, and content filtering in conjunction with the
ASA.


The ASA internally redirects traffic through the CSC-SSM, which runs the Trend
Micro InterScan for Cisco CSC-SSM software image. Because the CSC-SSM’s functions
mitigate such a wide range of malware approaches, it is commonly referred to as
the “Anti-X” module. The CSC-SSM protects HTTP, FTP, SMTP, and POP3 traffic.


For the CSC-SSM to be effective, it must stay updated with the latest content security
information from Trend Micro. This is done automatically, but requires a subscription
service license from Cisco.


The CSC-SSM is available in two models. The CSC-SSM-10 can support
up to 50 users by default, but can be expanded to 500 users through the purchase of
additional licenses. The CSC-SSM-20 begins with 500 users and can be expanded to 1000
users with additional licenses.





Advanced Inspection and Prevention (AIP) SSM


The AIP-SSM runs the Cisco IPS Software image and performs network intrusion prevention
functions in conjunction with the ASA. The ASA can put the AIP-SSM inline, where
traffic is internally redirected to the module for inspection and handling before it is
forwarded. Alternatively, the AIP-SSM can operate in promiscuous mode, where the ASA
copies traffic to the module as it is being forwarded.
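
A minimal ASA Modular Policy Framework configuration that selects between the two modes described above. This is an added example, not part of the original post; the names IPS-TRAFFIC and IPS-CLASS are hypothetical, and the fail-open/fail-close keyword (what the ASA does with matching traffic when the module is unavailable) belongs to the `ips` command but is not discussed in the post.

```cisco
! Added example: the names IPS-TRAFFIC and IPS-CLASS are hypothetical.
! Select the traffic the ASA should hand to the AIP-SSM.
access-list IPS-TRAFFIC extended permit ip any any
!
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
!
policy-map global_policy
 class IPS-CLASS
  ! Inline: traffic is redirected through the module before it is forwarded.
  ! fail-open passes traffic uninspected if the module is down;
  ! fail-close drops it instead.
  ips inline fail-open
  ! Promiscuous alternative (use in place of the line above):
  ! the ASA copies traffic to the module while forwarding it.
  ! ips promiscuous fail-open
!
service-policy global_policy global
```

In promiscuous mode the module sees only a copy, so the original packet has already been forwarded by the time a signature matches; inline mode is the one that lets the module handle traffic before it leaves the ASA.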


To be effective as a network IPS, the AIP-SSM must update its IPS signature database in a
timely fashion. Signature updates are available only by subscribing to the Cisco Services
for IPS service. The signature database is maintained and updated by Cisco Security Intelligence
Operations (SIO) and contains well over 25,000 threat signatures. As new threats
are discovered and identified, new signatures are added to the database, which must be
downloaded into the AIP-SSM.
