
Application Layer

albertobrivio42
Level 1

Dear ALL,

I'd like to know if there is a Cisco firewall able to perform application layer filtering tasks, like protection from cross-site scripting and SQL injections.

Regards

Alberto Brivio


oszkari
Level 1

You can create regular expressions specific to those attacks and filter using Modular Policy Framework.

One example for XSS attacks would be:

regex url "(^)*(http)"
policy-map type inspect http http_in
 match request uri regex url
  drop-connection log

Hope it was helpful.
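Added example, not part of the original thread and not Cisco code: a small harness for checking candidate URI patterns against sample requests before they go into a policy-map with drop-connection. The sample URIs and the two patterns in SPECIFIC_RULES are constructed for illustration, and Python's `re` stands in for the firewall's regex engine, which is an assumption.

```python
import re
from urllib.parse import unquote

# Rule sets to compare. THREAD_RULES holds the regex posted in the thread;
# SPECIFIC_RULES are hypothetical patterns written for this example only.
THREAD_RULES = [r"(^)*(http)"]
SPECIFIC_RULES = [
    r"<[Ss][Cc][Rr][Ii][Pp][Tt]",                        # script tag in URI
    r"[Uu][Nn][Ii][Oo][Nn].+[Ss][Ee][Ll][Ee][Cc][Tt]",  # UNION ... SELECT
]

# Constructed request URIs: (uri, True if the request should be dropped).
SAMPLES = [
    ("/index.html", False),
    ("/login?next=http://intranet.example/home", False),
    ("/news?title=union+members+select+new+leader", False),
    ("/search?q=<script>alert(1)</script>", True),
    ("/search?q=%3Cscript%3Ealert(1)%3C/script%3E", True),
    ("/item?id=1+UNION+SELECT+name+FROM+users", True),
]


def evaluate(rules, samples, decode=False):
    """Return (false_positives, false_negatives) for a rule set.

    A URI counts as dropped when any rule matches anywhere in it.
    decode=True percent-decodes the URI first; whether the filtering
    device does that is an assumption to confirm on the device itself.
    """
    compiled = [re.compile(r) for r in rules]
    false_pos, false_neg = [], []
    for uri, should_drop in samples:
        text = unquote(uri) if decode else uri
        dropped = any(c.search(text) for c in compiled)
        if dropped and not should_drop:
            false_pos.append(uri)
        elif should_drop and not dropped:
            false_neg.append(uri)
    return false_pos, false_neg


if __name__ == "__main__":
    for name, rules in (("thread", THREAD_RULES), ("specific", SPECIFIC_RULES)):
        for decode in (False, True):
            fp, fn = evaluate(rules, SAMPLES, decode)
            print(f"{name:8} decode={decode!s:5} FP={len(fp)} FN={len(fn)}")
            for uri in fp:
                print("   would drop benign:", uri)
            for uri in fn:
                print("   would pass attack:", uri)
```

Replacing SAMPLES with URIs taken from the site's own access logs gives a more useful false-positive count than the constructed list.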

I think writing the regular expressions corresponding to an attack would be too much configuration.

I would suggest enabling default signatures on the ASA using ip audit commands.

That would take care of the most frequently seen attacks.

Now, to be safe against every new attack which comes out, the f/w would need an AIP-SSM module in it. The intrusion prevention module can defend the network against any known attack. It has a huge database of signatures which gets updates regularly on the Cisco website.

hth,

Sushil

Sorry, but I must disagree :)

You are right, it is a little bit of work doing regexes, but as far as I know the built-in signatures on a Cisco firewall (ASA/PIX) do not cover the SQL injection and XSS related attacks.

Obviously a better solution would be an AIP-SSM, but then we would be talking about filtering with an IPS and not a firewall :)
