Inter-VLAN Malicious Code Scanning
Posted by Jackthedog on Server Fault
Published on 2014-08-19T02:55:12Z
Indexed on 2014/08/19 4:22 UTC
I am trying to find an inbuilt solution on a Cisco Catalyst 3750X Switch to scan all traffic routed from one VLAN to another for malicious code.
The situation is that we currently have a development environment which is currently being redesigned to upgrade the network infrastructure to use the 3750X switches to manage server and workstation connectivity as well as inter-VLAN routing.
We also have another system that is responsible for taking the builds created on the development environment and imaging various HDDs.
Because these are two separate systems, we have a requirement in the workplace to anti-virus scan any data transferred between these systems. This is done by copying the data from the originating system to external USB HDD, scanning in a standalone workstation and then copying the data on to the receiving system. As you can imagine this is extremely tedious and impractical most of the time... (I don't make the rules).
Anyway, with this redesign going on, we would like to join the imaging system to the network infrastructure of the development system, keeping separation by the use of VLANs and restricting traffic by using ACLs. As we still have the requirement to scan all traffic I would like to configure some sort of malicious code scanning whenever traffic is routed between these VLANs.
I am aware I could install a separate in-line IPS/IDS device, however both systems will be using multiple ports on the switch (obviously), and we won't be able to put a device on each port. I would prefer not to add additional hardware if the 3750x switch is capable of doing the job.
Is anyone aware of any Cisco solution that I could use here, that ideally can be incorporated into the 3750x switch?
Thanks in advance.
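The post describes keeping the development and imaging systems on separate VLANs and restricting what crosses between them with ACLs. The IOS configuration below is an added example of that separation, not configuration from the original post or from Cisco documentation. The VLAN numbers (10 and 20), the addresses (10.10.10.0/24 and 10.10.20.0/24), the file server 10.10.10.50 and the single permitted protocol (SMB on TCP/445, initiated only from the imaging side) are assumptions chosen for illustration. Note what an ACL does and does not give you here: it pins down which flows may cross the VLAN boundary, so that anything not on the allow list is dropped and logged, but it inspects headers only and performs no payload or malware scanning.

```cisco
! Added example, not from the original post. Layer-3 separation of a
! development VLAN and an imaging VLAN on an IOS switch, with ACLs that
! allow only one assumed flow (SMB, imaging -> development file server).
ip routing
!
vlan 10
 name DEV
vlan 20
 name IMAGING
!
interface Vlan10
 description Development environment (assumed subnet)
 ip address 10.10.10.1 255.255.255.0
 ip access-group DEV-TO-IMAGING in
!
interface Vlan20
 description Imaging system (assumed subnet)
 ip address 10.10.20.1 255.255.255.0
 ip access-group IMAGING-TO-DEV in
!
! Applied inbound on the imaging SVI: imaging hosts may open SMB sessions
! to the assumed development file server and nothing else in VLAN 10.
ip access-list extended IMAGING-TO-DEV
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.10.50 eq 445
 deny   ip 10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255 log
 permit ip any any
!
! Applied inbound on the development SVI: development hosts may not initiate
! anything toward the imaging VLAN; only return traffic of the SMB sessions
! opened from the imaging side is allowed ("established" = ACK or RST set).
ip access-list extended DEV-TO-IMAGING
 permit tcp host 10.10.10.50 eq 445 10.10.20.0 0.0.0.255 established
 deny   ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255 log
 permit ip any any
```

The trailing `permit ip any any` keeps each VLAN's traffic to other destinations unaffected; tighten it if the two VLANs should reach nothing else. The `log` keyword on the deny entries gives a record of attempted cross-VLAN traffic for review, at the cost that logged packets are handled in software on this platform, so keep it on the deny lines only and watch CPU load if the hit rate is high.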
© Server Fault or respective owner