Posted by Ramon F Herrera on March 2, 2007, 3:20 pm
I recently installed my first Cisco ASA-5500 security box. It is a very impressive piece of equipment, with a bewildering array of capabilities. The feature that I find most intriguing is that it goes above (in the ISO/OSI sense) the IP, TCP and UDP layers, presumably inspecting whether a message or packet contains a virus or other malware.

What I would like to clarify, because it is a matter of dispute among some colleagues, is exactly what applications and operating systems are being inspected. My buddies claim (more like a wild or hopeful guess) that not only is port 1521 of an Oracle server blocked but the ASA knows about Oracle exploits, and similarly it can check for weaknesses on behalf of Linux or other Unixes. I find that very hard to believe, and my counterclaim is that only Windows or other Microsoft products have reached a level of disseminated infections to grant the depth of attention by the security software.

Comments?

-Ramon F Herrera

Posted by joel garry on March 2, 2007, 6:29 pm
Looking at the data sheets, it just looks like it uses typical Trend Micro stuff to look for malware. If they can point to something that specifically mentions Oracle, let us know.

Most of us don't even use port 1521 anymore.

Be afraid:
http://www.securiteam.com/securitynews/6N00D1FEKE.html
http://www.cisco.com/en/US/products/products_security_advisory09186a00806e9b6f.shtml

Hey, maybe that means they do know what to look for!

jg
--
@home.com is bogus.
Burn me once, shame on you. Burn me twice, shame on me. Burn me enough times you have to reformat the output for number of times burnt, shame on Microsoft!

Posted by Ramon F Herrera on March 2, 2007, 7:49 pm
> > I recently installed my first Cisco ASA-5500 security box. It is a
> > very impressive piece of equipment, with a bewildering array of
> > capabilities. The feature that I find most intriguing is that it goes
> > above (in the ISO/OSI sense) the IP, TCP and UDP layers, presumably
> > inspecting whether a message or packet contains a virus or other
> > malware.
> >
> > What I would like to clarify, because it is a matter of dispute among
> > some colleagues, is exactly what applications and operating systems
> > are being inspected. My buddies claim (more like a wild or hopeful
> > guess) that not only is port 1521 of an Oracle server blocked but the
> > ASA knows about Oracle exploits, and similarly it can check for
> > weaknesses on behalf of Linux or other Unixes. I find that very hard
> > to believe, and my counterclaim is that only Windows or other
> > Microsoft products have reached a level of disseminated infections to
> > grant the depth of attention by the security software.
> >
> > Comments?
> >
> > -Ramon F Herrera
>
> Looking at the data sheets, it just looks like it uses typical Trend
> Micro stuff to look for malware. If they can point to something that
> specifically mentions Oracle, let us know.
>
> Most of us don't even use port 1521 anymore.

Please clarify. Are you claiming that most folks are simply using another port different from 1521 in hopes of confusing the attackers (due respect, but that would be a rather poor defense) or are they using a non-TCP mechanism to communicate with the server?

-Ramon

Posted by joel garry on March 2, 2007, 8:13 pm
> > > I recently installed my first Cisco ASA-5500 security box. It is a
> > > very impressive piece of equipment, with a bewildering array of
> > > capabilities. The feature that I find most intriguing is that it goes
> > > above (in the ISO/OSI sense) the IP, TCP and UDP layers, presumably
> > > inspecting whether a message or packet contains a virus or other
> > > malware.
> > >
> > > What I would like to clarify, because it is a matter of dispute among
> > > some colleagues, is exactly what applications and operating systems
> > > are being inspected. My buddies claim (more like a wild or hopeful
> > > guess) that not only is port 1521 of an Oracle server blocked but the
> > > ASA knows about Oracle exploits, and similarly it can check for
> > > weaknesses on behalf of Linux or other Unixes. I find that very hard
> > > to believe, and my counterclaim is that only Windows or other
> > > Microsoft products have reached a level of disseminated infections to
> > > grant the depth of attention by the security software.
> > >
> > > Comments?
> > >
> > > -Ramon F Herrera
> >
> > Looking at the data sheets, it just looks like it uses typical Trend
> > Micro stuff to look for malware. If they can point to something that
> > specifically mentions Oracle, let us know.
> >
> > Most of us don't even use port 1521 anymore.
>
> Please clarify. Are you claiming that most folks are simply using
> another port different from 1521 in hopes of confusing the attackers
> (due respect, but that would be a rather poor defense) or are they
> using a non-TCP mechanism to communicate with the server?
>
> -Ramon

Search Metalink and Oracle security-related sites for the minimum necessary hardening. The proof of concept worm that was floating about not long ago got everyone in a tizzy about changing 1521. See http://www.dizwell.com/prod/node/374

petefinnegan.com pointed to this: http://www.sans.org/score/oraclechecklist.php

jg
--
@home.com is bogus.
http://www.cockeyed.com/magic/bad_4.php

Posted by hpuxrac on March 2, 2007, 7:42 pm
> I recently installed my first Cisco ASA-5500 security box. It is a
> very impressive piece of equipment, with a bewildering array of
> capabilities. The feature that I find most intriguing is that it goes
> above (in the ISO/OSI sense) the IP, TCP and UDP layers, presumably
> inspecting whether a message or packet contains a virus or other
> malware.
>
> What I would like to clarify, because it is a matter of dispute among
> some colleagues, is exactly what applications and operating systems
> are being inspected. My buddies claim (more like a wild or hopeful
> guess) that not only is port 1521 of an Oracle server blocked but the
> ASA knows about Oracle exploits, and similarly it can check for
> weaknesses on behalf of Linux or other Unixes. I find that very hard
> to believe, and my counterclaim is that only Windows or other
> Microsoft products have reached a level of disseminated infections to
> grant the depth of attention by the security software.
>
> Comments?
>
> -Ramon F Herrera

Why don't you test it out? That starts by constructing a test case and determining how this device allows/prevents/alerts ...

Cisco Adaptive Security Appliance goes beyond blocking ports. Is that a Microsoft-only defense?