Application Layer

May 21st, 2008

Dear all,

I'd like to know if there is a Cisco firewall able to perform application-layer filtering tasks, like protection from cross-site scripting and SQL injection.

Regards

Alberto Brivio

oszkari Thu, 05/22/2008 - 07:19

You can create regular expressions specific to those attacks and filter using the Modular Policy Framework.

One example for XSS attacks would be:

    regex url "(^)*(http)"

    policy-map type inspect http http_in
     match request uri regex url
      drop-connection log

Hope it was helpful.

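As an added example (not part of the original post and not Cisco code), the following Python harness checks the regex posted above, together with two hypothetical tighter patterns, against a handful of constructed request URIs. Python's `re` is not the ASA regex engine, so the patterns keep to plain character classes that both accept; the pattern names, the sample URIs and the percent-decoding step are all assumptions of the harness. It reports which samples each pattern hits, which benign samples get hit, and which payloads none of the patterns caught, which is the check worth doing before a `drop-connection` action goes live.

```python
"""Check candidate URI regexes against constructed sample requests.

Added illustration for the thread above; not Cisco code and not a test
against a real ASA. Python's re engine only approximates the ASA regex
engine, so the patterns avoid Python-only syntax (lookarounds, inline
flags, word-boundary escapes) and spell out case with character classes.
"""
import re
from urllib.parse import unquote

# Candidate patterns. "posted_http" is the regex from the post above; the
# other two are hypothetical additions for illustration.
PATTERNS = {
    "posted_http": r"(^)*(http)",
    "xss_script_tag": r"<[Ss][Cc][Rr][Ii][Pp][Tt]",
    "sqli_union_select": r"[Uu][Nn][Ii][Oo][Nn][ +]+[Ss][Ee][Ll][Ee][Cc][Tt]",
}

# Constructed sample request URIs (made up for this harness, not captured
# traffic). Two are benign, three carry a payload.
SAMPLES = {
    "benign_home": "/index.html",
    "benign_redirect": "/login?next=http://intranet.example/home",
    "xss_raw": "/search?q=<script>alert(1)</script>",
    "xss_encoded": "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "sqli_union": "/item?id=1+UNION+SELECT+username,password+FROM+users",
}


def uri_matches(pattern: str, uri: str, decode: bool = True) -> bool:
    """True if `pattern` hits `uri`, optionally after percent-decoding.

    Whether the inspection engine you deploy on decodes %XX escapes before
    matching is something to verify on that platform; flipping `decode`
    shows how much the answer depends on it.
    """
    text = unquote(uri) if decode else uri
    return re.search(pattern, text) is not None


def evaluate(patterns=PATTERNS, samples=SAMPLES, decode: bool = True):
    """Map each pattern name to the set of sample names it matches."""
    return {
        name: {label for label, uri in samples.items()
               if uri_matches(regex, uri, decode)}
        for name, regex in patterns.items()
    }


def false_positives(result):
    """Benign samples (label starts with 'benign_') hit by each pattern."""
    return {name: {s for s in hits if s.startswith("benign_")}
            for name, hits in result.items()}


def misses(result, samples=SAMPLES):
    """Attack samples that no pattern in the evaluated set caught."""
    attacks = {s for s in samples if not s.startswith("benign_")}
    caught = set().union(*result.values())
    return attacks - caught


if __name__ == "__main__":
    for decode in (True, False):
        result = evaluate(decode=decode)
        print(f"percent-decoding before match: {decode}")
        for name, hits in result.items():
            print(f"  {name:18} hits {sorted(hits) or '-'}")
        print(f"  false positives:  {false_positives(result)}")
        print(f"  uncaught attacks: {sorted(misses(result))}")
```

Run stand-alone it shows that the posted pattern matches the benign redirect URI (any URI carrying the string "http") while leaving all three constructed payloads untouched, and that the `<script` pattern only sees the percent-encoded payload when decoding happens before the match.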

suschoud Thu, 05/22/2008 - 12:40

I think writing the regular expressions corresponding to an attack would be too much configuration.

I would suggest enabling the default signatures on the ASA using the ip audit commands.

That would take care of the most frequently seen attacks.

Now, to be safe against every new attack that comes out, the firewall would need an AIP-SSM module in it. The intrusion prevention module can defend the network against any known attack; it has a huge database of signatures which gets updated regularly on the Cisco website.


hth,

Sushil

oszkari Thu, 05/22/2008 - 23:20

Sorry, but I must disagree :)

You are right, it is a little bit of work doing regexes, but as far as I know the built-in signatures on a Cisco firewall (ASA/PIX) do not cover the SQL injection and XSS related attacks.

Obviously a better solution would be an AIP-SSM, but then we would be talking about filtering with an IPS and not a firewall :)

