Anti-Virus Or Malware Protection - Allied Telesis AR Series Technical Manual

Selecting a Security Solution
Network administrators are allowed to statically configure any number of their own black-listed and
white-listed URLs.
Web Web-control is a proxy-based web-categorization service. This feature uses an external
Control
categorization service to provide real-time protection. The list of malicious and phishing websites
is constantly updated in real-time by the categorization service provider. The AR-Series firewall
caches the categorization responses from the external categorization service. This avoids
unnecessary and repeated external lookups to URLs and improves performance.
An additional set of 50 user-defined category match criteria can be stored locally on the AR-Series
firewall to provide specific access to a small list of user defined URLs for which an organization's
access policy may differ to that of the external categorization service. For example, this allows an
organization to manually override and allow access to a URL that might otherwise be blocked by the
external categorization service.
Summary By its nature, web control provides maximum protection against malicious and phishing websites,
as the cloud-based categorization lists are being constantly updated in real time. But this comes at
the expense of the latencies involved with a proxied service. URL Filtering, on the other hand,
involves much less session latency, but involves a slightly larger risk of exposure to threats, as list
updates occur less rapidly.
If both features (Web control and URL Filtering) are simultaneously enabled, then URLs will be
checked first via URL Filtering lists, then will subsequently be categorized via Web Control. Either
feature can block a connection. If a connection is blocked by one feature, the decision cannot be
over-ruled by the other feature.
While this provides a very high level of URL checking, it comes at the cost of additional session
latency. The decision to operate both URL filtering and Web Control needs to be carefully
considered. Such a combination should only be deployed if the need for comprehensive URL
checking takes priority over Internet-access performance.
In most situations, there is minimal benefit in using both features simultaneously.

Anti-virus or Malware Protection?

Both the Malware Protection and Anti-Virus features perform a very similar service— detecting and
blocking malicious code contained in content arriving from the Internet.
Anti-virus Anti-Virus is a proxy-based service that downloads an entire file object before scanning it to see if it
contains an embedded virus and then allows or blocks it.
As part of this proxy behavior, if malicious content is detected, the AR-Series firewall is able to
generate the 'Access Denied' HTTP web page and serve that to the client's web browser, so the
user is explicitly notified that they have strayed onto an undesirable website.
Malware Malware Protection is a stream-based service, and so inherently introduces slightly less latency than
Protection
Anti-virus. This is because Anti-virus does not forward a piece of content until it has been fully
C613-22104-00 REV B
Advanced Network Protection
Anti-virus or Malware Protection?
|
Page 31