Which of the following can be detected by the Cisco ESA CASE? (Select 2 choices.)
- snowshoe spam
- phishing attacks
- DDoS attacks
- MAC spoofing attacks
- DNS poisoning attacks
A Cisco Email Security Appliance (ESA) is designed to protect against email threats, such as malware attachments, phishing scams, and spam. The Cisco Context Adaptive Scanning Engine (CASE) on an ESA is a contextual analysis technology that is intended to detect email threats as they are received. CASE checks the reputation of email senders, scans the content of email messages, and analyzes the construction of email messages. As part of this process, CASE submits the email sender to the Cisco SenderBase Network, which contains data on hundreds of thousands of email networks. The sender is assigned a score based on this information. The content of the email message is scanned because it could contain language, links, or a call to action that is indicative of a phishing scam.
Snowshoe spammers establish many false company names and identities, often with unique post office addresses and telephone numbers, so that reputation filters do not perceive the source of the spam as a threat. In addition, the spam output is spread across multiple IP addresses and domain names in order to defeat blacklists.
Phishing is a social engineering technique in which a malicious person uses a seemingly legitimate electronic communication, such as email or a webpage, in an attempt to dupe a user into submitting personal information, such as a Social Security number (SSN), account login information, or financial information. To mitigate the effects of a phishing attack, users should use email clients and web browsers that provide phishing filters. In addition, users should be wary of any unsolicited email or web content that requests personal information. The CASE on a Cisco ESA appliance is capable of detecting phishing scams.
The Cisco ESA CASE does not protect against Distributed Denial of Service (DDoS) attacks. A DDoS attack is a coordinated Denial of Service (DoS) attack that uses multiple attackers to target a single host. For example, a large number of zombie hosts in a botnet could flood a target device with packets.
The Cisco ESA CASE does not protect against Media Access Control (MAC) spoofing attacks. A MAC spoofing attack uses the MAC address of another host on the network in order to bypass port security measures.
The Cisco ESA CASE does not protect against Domain Name System (DNS) poisoning attacks. DNS poisoning is an attack that modifies the DNS cache by providing invalid information. In a DNS poisoning attack, a malicious user attempts to exploit a DNS server by replacing the IP addresses of legitimate hosts with the IP address of one or more malicious hosts.