Perimeter Protocol Enforcement


The ASA/PIX Security Appliance ships with a standard set of protocol application inspections. An inspection is a function within the ASA/PIX that examines the data carried inside a packet as the packet passes through, so that nothing in the payload reaches the destination server or network that could damage it.

NOTE

Some application inspections have functions that are not strictly security related. For example, NetBIOS inspection looks at the IP addresses carried inside the data portion of the packet and makes sure that they agree with the addresses in the packet header. Every security appliance needs this capability so that network address translation (NAT) works correctly: NAT rewrites the header, and the inspection rewrites the copy of the address embedded in the payload to match.


The ASA/PIX performs application inspection for the protocols listed in Table 8-1. This is a list of the most commonly used protocols; for a more in-depth list, refer to the Cisco ASA/PIX web page at http://www.cisco.com/go/pix/.

Table 8-1. Inspected Protocols

Protocol      Protocol Definition
------------  ------------------------------------------------------------------
DNS           Domain Name System, used to translate names to IP addresses
FTP           File Transfer Protocol, the Internet standard for moving files
HTTP          Hypertext Transfer Protocol, the Internet standard for browsing websites
H.323 H.225   Call signaling for H.323 visual telephony (voice and video)
H.323 RAS     Registration, Admission and Status signaling between H.323 endpoints and gatekeepers
ILS           Internet Locator Service, an LDAP-based directory that provides name/address resolution for IP video conferencing
RSH           Remote Shell protocol, lets users execute commands on a remote system without an interactive login
RTSP          Real Time Streaming Protocol, the Internet standard for delivering real-time audio and video streams
ESMTP         Extended Simple Mail Transfer Protocol, SMTP with service extensions
SQLNET        Oracle SQL*Net, carries queries to Oracle databases over the network (an Oracle protocol, not an Internet standard)
SKINNY        Skinny Client Control Protocol (SCCP), Cisco's signaling protocol between IP phones and CallManager
XDMCP         X Display Manager Control Protocol, used to set up X Window System sessions between devices
SIP           Session Initiation Protocol, used to establish sessions for IP telephony
NETBIOS       NetBIOS over TCP/IP, the Microsoft Windows networking protocol used between Windows systems
CTIQBE        Computer Telephony Interface Quick Buffer Encoding, Cisco's protocol between TAPI/JTAPI applications and CallManager
TFTP          Trivial File Transfer Protocol, used to load device images and configurations
ICMP          Internet Control Message Protocol, used to exchange status and error messages between TCP/IP devices
SNMP          Simple Network Management Protocol, the standard for managing network devices


You can browse these protocol application inspections at the following ASDM location:

Step 1.

Navigate to Configuration > Features > Security Policy and click the Service Policy Rules option button.

Step 2.

Choose the line labeled inspection_default and click Edit. The panel shown in Figure 8-1 appears.

Figure 8-1. Add Service Policy


Step 3.

From here, you can open the Traffic Classification panel, which lists the port numbers on which each protocol is inspected.

Step 4.

To see the default protocols that are inspected, click the tab Rule Actions. (See Figure 8-2.)

Figure 8-2. Default Inspections


The details of the default actions of an application inspection are Cisco proprietary. Generally speaking, however, a default inspection looks into the packet and confirms that the protocol command is a valid one, checks that the protocol's message length limits have not been exceeded, and rewrites any IP address embedded in the Layer 7 payload so that it matches the translated address in the packet header, which is what keeps these protocols working across NAT. For protocols that negotiate secondary connections (the FTP data channel, for example), the inspection also opens the corresponding pinhole through the appliance. For an in-depth discussion of ASA/PIX application inspection, go to the technical documentation link at http://www.cisco.com/go/pix.



Securing Your Business with Cisco ASA and PIX Firewalls
ISBN: 1587052148
Year: 2006
Pages: 120
Authors: Greg Abelar