Cisco Support Community

New Member

Application Layer

Dear ALL,

I'd like to know if there is a Cisco firewall able to perform application-layer filtering tasks, like protection from cross-site scripting and SQL injection.

Regards

Alberto Brivio

3 REPLIES
New Member

Re: Application Layer

You can create regular expressions specific to those attacks and filter using Modular Policy Framework.

One example for XSS attacks would be:

regex url "(^)*(http)"
policy-map type inspect http http_in
 match request uri regex url
  drop-connection log

Hope it was helpful.
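
A fuller layout of the Modular Policy Framework approach described in the reply above, added here as an example and not part of the original post. The regex names, class-map names, patterns, and the port-80 traffic class are all assumptions chosen for illustration; the patterns are constructed samples, not a complete XSS or SQL injection signature set.

```cisco
! Constructed sample patterns (assumptions). ASA regex has no
! case-insensitive flag, so each letter is bracketed in both cases.
regex uri_script_tag "[<][sS][cC][rR][iI][pP][tT]"
regex uri_union_select "[uU][nN][iI][oO][nN].+[sS][eE][lL][eE][cC][tT]"
!
! Group the patterns so a single match statement covers all of them.
class-map type regex match-any web_attack_uri
 match regex uri_script_tag
 match regex uri_union_select
!
! HTTP inspection map. Start with "log" only to measure false
! positives, then change the action to "drop-connection log".
policy-map type inspect http http_in
 match request uri regex class web_attack_uri
  log
!
! The inspection map does nothing until it is attached to a traffic
! class inside a service policy. Port 80 is an assumption.
class-map inbound_http
 match port tcp eq 80
policy-map global_policy
 class inbound_http
  inspect http http_in
service-policy global_policy global
!
! Check a pattern against sample input from privileged EXEC before
! relying on it (constructed input string):
!   test regex "/item/<script>" "[<][sS][cC][rR][iI][pP][tT]"
```

This only inspects the request URI of cleartext HTTP; request bodies and encoded forms of the same strings need their own match statements or a dedicated IPS, which is the trade-off the later replies discuss.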

Silver

Re: Application Layer

I think writing the regular expressions corresponding to an attack would be too much configuration.

I would suggest enabling default signatures on the ASA using ip audit commands.

That would take care of the most frequently seen attacks.

Now, to be safe against every new attack which comes out, the f/w would need an AIP-SSM module in it. The intrusion prevention module can defend the network against any known attack. It has a huge database of signatures which gets updates regularly on the Cisco website.

hth,

Sushil

New Member

Re: Application Layer

Sorry, but I must disagree :)

You are right, it is a little bit of work doing regexes, but as far as I know the built-in signatures on a Cisco firewall (ASA/PIX) do not cover SQL injection and XSS related attacks.

Obviously a better solution would be an AIP-SSM, but then we would be talking about filtering with an IPS and not a firewall :)
