Solved

PIX535 with Anti-Virus

Posted on 2006-06-14
13
270 Views
Last Modified: 2010-04-09
Hi Guys,

Has any one integrated the PIX 535 with any Anti-Virus Software.
I need to know some details

thanks
Naren
0
Comment
Question by:r_naren22atyahoo
  • 5
  • 5
  • 2
13 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16908810
No
The new ASA line does have in-line AV integrated, but there is nothing for the PIX
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16908894
I have seen this document
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a008007d05d.html
 
and I assumed that there could be some integration that can be done
This was the quote from the above link
--------------------------
Integration with Leading Third-Party Solutions | . Supports the broad range of Cisco Technology Developer partner solutions that provide URL filtering,
                                                                   |     content  filtering, virus protection, scalable remote management, and more
                                                                                                   ------------------
------------------------

is there any ?????
 
regards
Nare
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 16909567
As far as I know, there is none and even if there is one then it is Trend Micro since they have it for IDS/IPS devices.

Cheers,
Rajesh
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16916508
I am trying to integrate the

-------------PIX535-----(Cisco ACS4.1)&(AAA-Server)-------------Trend Micro.

Some thing like, if virus found, add an access rule to pix will be added by the policy server(ACS) to restrict the access of infected user to other network.

Any Ideas???

regards
naren
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16917350
It's called Clean Access
http://www.cisco.com/en/US/products/products_security_advisory09186a00804f3127.shtml
It is not yet integrated with PIX/ASA/ACS - at least not that I'm aware of.
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 16917752
Could you look at this please, guys
http://www.experts-exchange.com/Security/Q_21888521.html
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 17066531
sorry for not keeping in touch, i did some research and found of this

PIX 7.2(1) does have NAC.
Trend has some anti-virus solutions integrating with NAC devices
http://cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008066ebb8.html

http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm
 
I have to do some more research on the integration

regards
Naren
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17066978
Integration front right now, I know that CSIDS products with 5.x version of softwares are done with TrendMicro signatures => Outbreak prevention...

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17066979
So if you had an ASA box with IDS integration card, you could do it.

Cheers,
Rajesh
0
 
LVL 12

Author Comment

by:r_naren22atyahoo
ID: 17067264
Hi Rajesh,

This is not an ASA Box :(
its PIX 535 Enterprice licence.

have you had any experiance before with this type of integration?????

I am expecting some thing like this but not sure

             Clients/Servers------------Network--------PIX535------Cisco ACS with AAA Server----Trend Micro Server
     with Cisco Clean Access &
         Trend-Micro Client

regards
Naren
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 17067309
Yeah, I know :-) For IDS there is a direct integration and I know that. But what you're looking for is available only as part of NAC introduced fairly recent (In a sense, dev is still going on)

The network diagram you wrote there is exacly how it is; 2 ways basically along with the CSA client, a new component called CTA (Cisco trust agent) also will be pushed to the clients which in turn takes care of of the talking to NAC enabled device for compliance.

Unfortunately I don't have CCO access now (I work for Juniper now :-)). So I don't have a way of looking things.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17070427
thnx for the points Naren.

Cheers,
Rajesh
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now