Application Inspection
Application inspection can look at the application protocol content of a packet to ensure that it is allowed to pass through the security Cisco ASA. Application inspection is a three step configuration process:
|
Step 1. |
Set up the Application Inspection Map. - Drop connections if they are not RFC 2616 compliant. RFC 2616 defines the HTTP 1.1 protocol specification. - Allow connections after verifying the content-type field. - Reset connections if the MAX URI exceeds 250 bytes. - Drop connections for P2P applications such as Kazaa and Gnutella. The RFC compliance and content-type verification are checked under the General tab, as shown in Figure 19-18, in which an HTTP map called web-traffic is set up. Select Drop Connection as the action under RFC Compliance. Because SecureMe is interested in looking at the logs whenever a noncompliant packet tries to traverse through Cisco ASA, also check the Generate Syslog option. To enable content-type verification, check Verify Content-Type Field Belongs to the Supported Internal Content-Type List and specify Allow Connection as the action and check Generate Syslog to log this event.Figure 19-18. RFC Compliance and Content-Type Verification 
Figure 19-19 shows how to specify the maximum URL length when an HTTP packet traverses through the security Cisco ASA. It is set up under the Entity Length tab in the Add HTTP Map window. Check Inspect URI Length and specify the maximum length of 250 bytes. Figure 19-19. Setting Maximum URI Length 
Click the Application Category tab to set up inspection for specific application types that are included in an HTTP request. Choose P2P under Available Categories and select Drop Connection as the applied action. Enable Generate Syslog to log an entry if Cisco ASA drops the P2P HTTP packets. Click Add to move the entry with the selected action to the specified category table. Figure 19-20 illustrates how to set it up. Figure 19-20. Application Inspection 
|
|
Step 2. |
Define a policy map. Figure 19-21. Adding a New Service Policy 
The next configuration window prompts you to choose how to classify the traffic when it passes through Cisco ASA. Because SecureMe is interested in inspecting the web traffic, choose as the traffic match criteria TCP or UDP Destination Port, as shown in Figure 19-22. The next window (not shown) prompts you to specify at which Layer 4 port number to inspect the traffic. SecureMe uses port 80 for all of its web traffic, and consequently the selected TCP destination port is 80. Figure 19-22. Classifying Traffic 
|
|
Step 3. |
Link the inspection map to the service policy. Figure 19-23. Inspection Map and Service Policy 
|
Example 19-8 shows the complete configuration of an HTTP map and the service policy.
Example 19-8. HTTP Map Configuration Generated by ASDM
http-map web-traffic strict-http action drop log content-type-verification action allow log max-uri-length 250 action reset port-misuse p2p action drop log class-map inside-class match port tcp eq 80 policy-map inside-policy class inside-class inspect http web-traffic service-policy inside-policy interface inside
Part I: Product Overview
Introduction to Network Security
- Introduction to Network Security
- Firewall Technologies
- Intrusion Detection and Prevention Technologies
- Network-Based Attacks
- Virtual Private Networks
- Summary
Product History
- Product History
- Cisco Firewall Products
- Cisco IDS Products
- Cisco VPN Products
- Cisco ASA All-in-One Solution
- Summary
Hardware Overview
Part II: Firewall Solution
Initial Setup and System Maintenance
- Initial Setup and System Maintenance
- Accessing the Cisco ASA Appliances
- Managing Licenses
- Initial Setup
- IP Version 6
- Setting Up the System Clock
- Configuration Management
- Remote System Management
- System Maintenance
- System Monitoring
- Summary
Network Access Control
- Network Access Control
- Packet Filtering
- Advanced ACL Features
- Content and URL Filtering
- Deployment Scenarios Using ACLs
- Monitoring Network Access Control
- Understanding Address Translation
- DNS Doctoring
- Monitoring Address Translations
- Summary
IP Routing
Authentication, Authorization, and Accounting (AAA)
- Authentication, Authorization, and Accounting (AAA)
- AAA Protocols and Services Supported by Cisco ASA
- Defining an Authentication Server
- Configuring Authentication of Administrative Sessions
- Authenticating Firewall Sessions (Cut-Through Proxy Feature)
- Configuring Authorization
- Configuring Accounting
- Deployment Scenarios
- Troubleshooting AAA
- Summary
Application Inspection
- Application Inspection
- Enabling Application Inspection Using the Modular Policy Framework
- Selective Inspection
- Computer Telephony Interface Quick Buffer Encoding Inspection
- Domain Name System
- Extended Simple Mail Transfer Protocol
- File Transfer Protocol
- General Packet Radio Service Tunneling Protocol
- H.323
- HTTP
- ICMP
- ILS
- MGCP
- NetBIOS
- PPTP
- Sun RPC
- RSH
- RTSP
- SIP
- Skinny
- SNMP
- SQL*Net
- TFTP
- XDMCP
- Deployment Scenarios
- Summary
Security Contexts
- Security Contexts
- Architectural Overview
- Configuration of Security Contexts
- Deployment Scenarios
- Monitoring and Troubleshooting the Security Contexts
- Summary
Transparent Firewalls
- Transparent Firewalls
- Architectural Overview
- Transparent Firewalls and VPNs
- Configuration of Transparent Firewall
- Deployment Scenarios
- Monitoring and Troubleshooting the Transparent Firewall
- Summary
Failover and Redundancy
- Failover and Redundancy
- Architectural Overview
- Failover Configuration
- Deployment Scenarios
- Monitoring and Troubleshooting Failovers
- Summary
Quality of Service
- Quality of Service
- Architectural Overview
- Configuring Quality of Service
- QoS Deployment Scenarios
- Monitoring QoS
- Summary
Part III: Intrusion Prevention System (IPS) Solution
Intrusion Prevention System Integration
- Intrusion Prevention System Integration
- Adaptive Inspection Prevention Security Services Module Overview (AIP-SSM)
- Directing Traffic to the AIP-SSM
- AIP-SSM Module Software Recovery
- Additional IPS Features
- Summary
Configuring and Troubleshooting Cisco IPS Software via CLI
- Configuring and Troubleshooting Cisco IPS Software via CLI
- Cisco IPS Software Architecture
- Introduction to the CIPS 5.x Command-Line Interface
- User Administration
- AIP-SSM Maintenance
- Advanced Features and Configuration
- Summary
Part IV: Virtual Private Network (VPN) Solution
Site-to-Site IPSec VPNs
- Site-to-Site IPSec VPNs
- Preconfiguration Checklist
- Configuration Steps
- Advanced Features
- Optional Commands
- Deployment Scenarios
- Monitoring and Troubleshooting Site-to-Site IPSec VPNs
- Summary
Remote Access VPN
- Remote Access VPN
- Cisco IPSec Remote Access VPN Solution
- Advanced Cisco IPSec VPN Features
- Deployment Scenarios of Cisco IPSec VPN
- Monitoring and Troubleshooting Cisco Remote Access VPN
- Cisco WebVPN Solution
- Advanced WebVPN Features
- Deployment Scenarios of WebVPN
- Monitoring and Troubleshooting WebVPN
- Summary
Public Key Infrastructure (PKI)
- Public Key Infrastructure (PKI)
- Introduction to PKI
- Enrolling the Cisco ASA to a CA Using SCEP
- Manual (Cut-and-Paste) Enrollment
- Configuring CRL Options
- Configuring IPSec Site-to-Site Tunnels Using Certificates
- Configuring the Cisco ASA to Accept Remote-Access VPN Clients Using Certificates
- Troubleshooting PKI
- Summary
Part V: Adaptive Security Device Manager
Introduction to ASDM
- Introduction to ASDM
- Setting Up ASDM
- Initial Setup
- Functional Screens
- Interface Management
- System Clock
- Configuration Management
- Remote System Management
- System Maintenance
- System Monitoring
- Summary
Firewall Management Using ASDM
- Firewall Management Using ASDM
- Access Control Lists
- Address Translation
- Routing Protocols
- AAA
- Application Inspection
- Security Contexts
- Transparent Firewalls
- Failover
- QoS
- Summary
IPS Management Using ASDM
- IPS Management Using ASDM
- Accessing the IPS Device Management Console from ASDM
- Configuring Basic AIP-SSM Settings
- Advanced IPS Configuration and Monitoring Using ASDM
- Summary
VPN Management Using ASDM
- VPN Management Using ASDM
- Site-to-Site VPN Setup Using Preshared Keys
- Site-to-Site VPN Setup Using PKI
- Cisco Remote-Access IPSec VPN Setup
- WebVPN
- VPN Monitoring
- Summary
Case Studies
EAN: 2147483647
Pages: 231
