Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Silver

IPS module bypass

hi experts

 

we are using cisco ips module in cico asa firewall 5520

the ips is working fine and it stops sql injections as seen from log

however, one coleague showed me how he can bypass the ips using one software that sends the username ‘ or 1=1 – encoded (url encoder/decoder)

is there any way to let the ips checks the username as clear text and also as encoded ?

 

thanks

2 REPLIES

To my knowledge this is not

To my knowledge this is not possible using IPS.  IPS filters based on signatures from Cisco, manually configured signatures, traffic anomoly...etc.  So the IPS does not check and authenticate users, devices, and does not do MAB which is authentication.  For this you would need to have an ISE or similar user access control device.

You may also need to add exceptions to the IPS to allow the sql traffic as well...but then you may or may not want to also have user authentication in addition.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to rate and select a correct answer
Community Member

Hello, To fix that issue you

Hello,

 

To fix that issue you should check your sql configuration.

 

Regards

77
Views
0
Helpful
2
Replies
CreatePlease to create content