I recently installed my first Cisco ASA-5500 security box. It is a very impressive piece of equipment, with a bewildering array of capabilities. The feature that find most intriguing is that it goes above (in the ISO/OSI sense) the IP, TCP and UDP layers, presumably inspecting whether a message or packet contains a virus or other malware.
What I would like to clarify, because is a matter of dispute among some colleagues, is exactly what applications and operating systems are being inspected. My buddies claim (more like a wild or hopeful guess) that not only is port 1521 of an Oracle server blocked but the ASA knows about Oracle exploits, and similarly it can check for weaknesses on behalf of Linux or other Unixes. I find that very hard to believe, and my counterclaim is that only Windows or other Microsoft products have reached a level of disseminated infections to grant the depth of attention by the security software.
Comments?
-Ramon F Herrera