Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Security Agent Preventing ASP.NET Application

I am a software developer and I have an ASP.NET application running on a server that has CSA running. The CSA is preventing access to a folder that ASP.NET needs. I am working with our Network Security Team to try and get CSA modified to allow the necessary access. I know very, very little about CSA or how it works. But I was wondering if maybe there was a default CSA configuration or profile for a server that was running ASP.NET and hosting ASP.NET applications? If so, then I could just tell the security team to set up the CSA in that configuration. They currently have the server locked down super tight and I am hoping that I won't have to tell them every single folder and file that I need access to. Does anyone know if there is a standard configuration for CSA on a web server running IIS 6 and ASP.NET v1.1?

2 REPLIES
New Member

Re: Cisco Security Agent Preventing ASP.NET Application

Hi Corey,

As far as I can tell, there aren't any default ASP.NET rules available. But I came across the same issue, so here is my solution:

- Create these 4 File Sets

"ASP.NET Framework Config Files"

Directories matching: @windows\Microsoft.NET\Framework\*\config\*

Files matching:

"ASP.NET Framework Temp DLL Files"

Directories matching: @windows\Microsoft.NET\Framework\*\Temporary ASP.NET\**

Files matching: *.DLL

"ASP.NET Framework Executables"

Directories matching: @windows\Microsoft.NET\Framework\**

Files matching: *.exe

"Windows Temp Files"

Directories matching: @windows\Temp\**

Files matching:

- Create this Application Class

"ASP.NET Framework"

$ASP.NET Framework Executables

only this process

- Create this User State Set

"ASP.NET Accounts"

NT AUTHORITY\NETWORK SERVICE

*\ASPNET

*\IUSR_*

*\IWAM_*

- Create this Windows Rule Module

"ASP.NET Framework"

Apply this rule module only if the following state conditions are met:

User State Conditions: ASP.NET Accounts

- Create these File Access Control Rules

"ASP.NET access to .NET config files"

Allow

IIS Web Server application

Read File, Write File

on $ASP.NET Framework Config Files

"ASP.NET access to temp DLL files"

Allow

IIS Web Server application

Read File, Write File, Write Directory

on $ASP.NET Framework Temp DLL Files

"ASP.NET Framework access to temp files"

Allow

ASP.NET Framework

Read File, Write File, Write Directory

on $Windows Temp Files

- Create this System API Control Rule

"ASP.NET IIS API Call"

Allow (I have logging turned on for this one)

IIS Web Server application

check Access system functions from code executing in data or stack space,

There you go, one ASP.NET module. I really don't like that last rule, but I haven't yet identified all of the patterns to restrict it (hence why I have logging turned on).

New Member

Re: Cisco Security Agent Preventing ASP.NET Application

How will this module differ if we are using .NET v2.0?

141
Views
5
Helpful
2
Replies
CreatePlease to create content