Application Layer

Unanswered Question
May 21st, 2008

Dear ALL,

I'd like to know if there is a Cisco firewall able to perform application-layer filtering tasks, like protection from cross-site scripting and SQL injection.


Alberto Brivio

oszkari Thu, 05/22/2008 - 07:19

You can create regular expressions specific to those attacks and filter using Modular Policy Framework.

One example for XSS attacks would be:

    regex url "(^)*(http)"
    policy-map type inspect http http_in
     match request uri regex url
      drop-connection log

Hope it was helpful.
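
An expanded version of the MPF approach described above, added here as an example (this is not oszkari's configuration and not taken from Cisco documentation): it groups several URI and body patterns for common XSS and SQL-injection indicators into a regex class-map, drops and logs matching requests, and attaches the HTTP inspection to the global policy. All object names (xss_script_tag, sqli_union_select, WEB_ATTACK_PATTERNS, http_app_filter) are assumed, and the patterns are illustrative indicators, not a complete signature set.

```cisco
! Regex patterns for common XSS / SQL-injection indicators in HTTP requests.
! Names are assumed; ASA regexes are case-sensitive, hence the character classes.
regex xss_script_tag     "[<]([Ss][Cc][Rr][Ii][Pp][Tt])"
regex xss_script_encoded "%3[Cc]([Ss][Cc][Rr][Ii][Pp][Tt])"
regex xss_js_scheme      "[Jj][Aa][Vv][Aa][Ss][Cc][Rr][Ii][Pp][Tt]:"
regex sqli_union_select  "[Uu][Nn][Ii][Oo][Nn](\+|%20| )+[Ss][Ee][Ll][Ee][Cc][Tt]"
regex sqli_comment       "(--|%2[Dd]%2[Dd]|/\*)"
regex sqli_quote_or      "('|%27)(\+|%20| )*[Oo][Rr](\+|%20| )+"

! Group the patterns so a single match statement covers the whole set.
class-map type regex match-any WEB_ATTACK_PATTERNS
 match regex xss_script_tag
 match regex xss_script_encoded
 match regex xss_js_scheme
 match regex sqli_union_select
 match regex sqli_comment
 match regex sqli_quote_or

! HTTP inspection policy: drop and log any request whose URI or body matches.
policy-map type inspect http http_app_filter
 parameters
  protocol-violation action drop-connection log
 match request uri regex class WEB_ATTACK_PATTERNS
  drop-connection log
 match request body regex class WEB_ATTACK_PATTERNS
  drop-connection log

! Apply the inspection to HTTP traffic on the default global policy.
policy-map global_policy
 class inspection_default
  inspect http http_app_filter
```

Two caveats a practitioner should keep in mind: only the first part of the request body is inspected by default (see the `body-match-maximum` parameter under the HTTP inspection policy), so POST payloads larger than that limit are not fully covered, and broad patterns such as the `--` comment indicator will produce false positives on legitimate URIs. Patterns can be checked against sample strings with the ASA `test regex` command before they are deployed, and the `log` keyword on each action gives the syslog records needed to review what is being dropped.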

suschoud Thu, 05/22/2008 - 12:40

I think writing the regular expressions corresponding to an attack would be too much configuration.

I would suggest enabling the default signatures on the ASA using the ip audit commands.

That would take care of the most frequently seen attacks.

Now, to be safe against every new attack which comes out, the f/w would need an AIP-SSM module in it. The intrusion prevention module can defend the network against any known attack; it has a huge database of signatures which get updated regularly on the Cisco website.



oszkari Thu, 05/22/2008 - 23:20

Sorry but I must disagree:)

You are right, it is a little bit of work doing regexes but, as far as I know, the built-in signatures on a Cisco firewall (ASA/PIX) do not cover the SQL injection and XSS related attacks.

Obviously a better solution would be an AIP-SSM, but then we would talk about filtering with an IPS and not a firewall:)

