The AIC HTTP/FTP engines analyze more specific details of the services than the Service FTP and Service HTTP engines (and much more than an atomic signature), such as what kinds of objects you can or cannot download from a web server (image, video, audio, etc.) or what kinds of commands are performed in an FTP connection (you can analyze many more details in an HTTP connection, but in an FTP connection only command analysis is allowed).
You can use AIC to analyze specific things after the session is established, when you want to control what the user does with your web server.
Use the HTTP service to find kinds of attacks like buffer overflows, or specific attacks in the URL request like directory traversal.
One of the distinct differences is that the AIC engines have a few signatures that cannot be created in any other engine. These include:
12674 Alarm on non-http traffic
12676 Request Method Not Recognized
12686 Recognized Transfer Encoding
12673 Recognized Content Type
12900 Unrecognized FTP Command
Standard signatures will look for a string and will fire the alert when the string IS seen in the connection.
BUT the above signatures work differently. Instead of firing an alert when the string is seen, these signatures fire an alert when NONE of the strings in the signature are seen in the connection.
In the case of 12674, the sensor will fire on web port connections that do NOT look like normal web connections (they do not have a URL request). Some other protocol may be running on the standard web port. The sensor will alert on this non-web traffic on a web port and deny the connection.
Under normal signature writing we would have to write a signature to match every other protocol and see if it is running on a web port. That would be pretty much impossible given the number of protocols. So instead we can use this one sig and fire on everything that is NOT web traffic on a web port.
The other 4 signatures are very similar.
For example, 12676 has a list of allowed web request methods (GET, HEAD, POST, etc.). If the sensor sees a request method that is NOT in this list, it fires the alert (and denies the connection).
This prevents unknown web request methods from entering your network.
The other signatures listed above are similarly constructed for the type of data they are built to look for.
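
The inverse matching described above, shown as an added example (not code from the original post and not Cisco's implementation): the check alerts when the first line of a connection matches none of the expected patterns. The allowlist contents, the regular expression, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed allowlist; the post names only GET, HEAD and POST ("etc.").
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

# Shape of an HTTP/1.x request line: METHOD SP request-target SP HTTP/x.y
REQUEST_LINE = re.compile(rb"^([!-~]+) (\S+) HTTP/\d\.\d$")


def inverse_match(first_line: bytes):
    """Return the alert an allowlist-style check would raise, or None.

    The alert fires on the ABSENCE of a known-good pattern, not on the
    presence of a known-bad string.
    """
    m = REQUEST_LINE.match(first_line.rstrip(b"\r\n"))
    if m is None:
        # No URL request at all: behaviour the post describes for 12674.
        return "non-http traffic on web port"
    method = m.group(1).decode("ascii")
    if method not in ALLOWED_METHODS:
        # Well-formed request, unlisted method: behaviour described for 12676.
        return "request method not recognized"
    return None


# Constructed sample input: first line of four connections to a web port.
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\n",   # normal web request
    b"SSH-2.0-OpenSSH_9.6\r\n",        # another protocol on the web port
    b"PROPFIND /dav/ HTTP/1.1\r\n",    # valid HTTP shape, method not in the list
    b"get /index.html HTTP/1.1\r\n",   # methods are case-sensitive
]


def run(samples=SAMPLES):
    """Classify each sample; None means the connection passes."""
    return [inverse_match(s) for s in samples]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run()):
        print(f"{sample!r:40} -> {verdict or 'pass'}")
```

Only one pattern and one list are maintained here, however many other protocols might show up on the port.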