How do I defend against "clickjacking" attacks regarding ACS 5.3.40 ?
It has been suggested that our current configuration of ACS 5.3.40 could be prone to Clickjacking attacks
Regarding the GUI the ACS needs to be configured to respond to X-Frame Options HTTP header to instruct the browser not to load the application within frames (although ACS 5.3 GUI doesn't appear to use frames). Another suggestion was to include defensive breaking scripts in the application to ensure the application won't be loaded up within a frame.
How can I implement the above? I haven't spotted any of these options in the GUI or CLI pdf. Would I have to raise a software enhancement with Cisco for this or is there a patch available for this?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...