05-21-2008 07:11 AM - edited 03-11-2019 05:47 AM
Dear ALL,
I'd like to know if there is a Cisco firewall able to perform application-layer filtering tasks, like protection from cross-site scripting and SQL injection.
Regards
Alberto Brivio
05-22-2008 07:19 AM
You can create regular expressions specific to those attacks and filter using Modular Policy Framework.
One example for xss attacks would be:
regex url "(^)*(http)"
policy-map type inspect http http_in
 match request uri regex url
  drop-connection log
Hope it was helpful.
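As an added illustration (not part of this thread and not Cisco code), the following Python script models what a regex-based URI match in an ASA HTTP inspection policy does: a set of patterns is applied to the request URI and a matching request is dropped and logged. The pattern names, the percent-decoding step, the sample URIs and the `matches_broad_http` check are all constructed for this example; Python's `re` engine is not the ASA regex engine, so the syntax of any real pattern has to be adapted to the platform.

```python
import re
from urllib.parse import unquote

# Constructed example patterns (assumptions for this illustration, not Cisco
# signatures). Each label maps to a regex applied to the decoded request URI.
PATTERNS = {
    "xss_script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    "xss_event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "sqli_quote_or": re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=", re.IGNORECASE),
    "sqli_union_select": re.compile(r"\bunion\b.{0,20}\bselect\b", re.IGNORECASE),
    "sqli_comment": re.compile(r"(--|/\*|#)\s*$"),
}

# A pattern that matches the literal string "http" anywhere in the URI,
# used below to show how an overly broad expression behaves on benign traffic.
BROAD_HTTP = re.compile(r"http")


def normalize_uri(uri, max_rounds=2):
    """Percent-decode the URI a bounded number of times so that encoded
    payloads are inspected in the form the web application would see.
    The bound keeps a hostile, deeply nested encoding from looping forever."""
    decoded = uri
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded


def inspect_uri(uri):
    """Return the labels of all patterns that match the normalized URI."""
    decoded = normalize_uri(uri)
    return [label for label, rx in PATTERNS.items() if rx.search(decoded)]


def apply_policy(uri):
    """Model the 'drop-connection log' action: ('drop', labels) on any
    match, ('permit', []) otherwise."""
    hits = inspect_uri(uri)
    return ("drop", hits) if hits else ("permit", [])


def matches_broad_http(uri):
    """True if the broad 'http' pattern would fire on this URI."""
    return BROAD_HTTP.search(normalize_uri(uri)) is not None


# Constructed sample request URIs: two benign, three carrying textbook
# XSS / SQL injection markers.
SAMPLE_URIS = [
    "/search?q=router+config",
    "/redirect?to=http://example.org/page",
    "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
    "/login?user=admin'%20OR%20'1'%3D'1",
    "/products?id=1%20UNION%20SELECT%20username,password%20FROM%20users--",
]


def run_samples():
    """Evaluate every sample URI; returns {uri: (action, labels)}."""
    return {uri: apply_policy(uri) for uri in SAMPLE_URIS}


if __name__ == "__main__":
    for uri, (action, labels) in run_samples().items():
        print(f"{action:6} {uri}  {labels}")
    print("broad 'http' pattern fires on benign redirect:",
          matches_broad_http(SAMPLE_URIS[1]))
```

Two points the script makes that matter when building such policies on a firewall: inspection has to happen after decoding, otherwise a percent-encoded payload passes a pattern written for plain text; and precision matters, since the broad pattern flags the benign redirect URI that carries a URL parameter while the narrower patterns permit it.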
05-22-2008 12:40 PM
I think writing the regular expressions corresponding to an attack would be too much configuration.
I would suggest enabling the default signatures on the ASA using the ip audit commands.
That would take care of the most frequently seen attacks.
Now, to be safe against every new attack which comes out, the f/w would need an AIP-SSM module in it. The intrusion prevention module can defend the network against any known attack. It has a huge database of signatures which get updated regularly on the Cisco website.
hth,
Sushil
05-22-2008 11:20 PM
Sorry but I must disagree:)
You are right, it is a little bit of work doing regexes but, as far as I know, the built-in signatures on a Cisco firewall (ASA/PIX) do not cover the SQL injection and XSS related attacks.
Obviously a better solution would be an AIP-SSM, but then we would talk about filtering with an IPS and not a firewall:)