https://community.cisco.com/t5/network-security/ips-module-bypass/m-p/2505792#M237489 <DIV class="field field-name-body field-type-text-with-summary field-label-hidden"><DIV class="field-items"><DIV class="field-item even" property="content:encoded"><P>hi experts</P><P>&nbsp;</P><P>we are using cisco ips module in cico asa firewall 5520</P><P>the ips is working fine and it stops sql injections as seen from log</P><P>however, one coleague&nbsp;showed me how he can bypass the ips using one software that sends the username ‘ or 1=1 –&nbsp;encoded (url encoder/decoder)</P><P>is there any way to let the ips checks the username as clear text and also&nbsp;as encoded ?</P><P>&nbsp;</P><P>thanks</P></DIV></DIV></DIV> Tue, 12 Mar 2019 04:20:26 GMT ohassairi 2019-03-12T04:20:26Z https://community.cisco.com/t5/network-security/ips-module-bypass/m-p/2505792#M237489 <DIV class="field field-name-body field-type-text-with-summary field-label-hidden"><DIV class="field-items"><DIV class="field-item even" property="content:encoded"><P>hi experts</P><P>&nbsp;</P><P>we are using cisco ips module in cico asa firewall 5520</P><P>the ips is working fine and it stops sql injections as seen from log</P><P>however, one coleague&nbsp;showed me how he can bypass the ips using one software that sends the username ‘ or 1=1 –&nbsp;encoded (url encoder/decoder)</P><P>is there any way to let the ips checks the username as clear text and also&nbsp;as encoded ?</P><P>&nbsp;</P><P>thanks</P></DIV></DIV></DIV> Tue, 12 Mar 2019 04:20:26 GMT https://community.cisco.com/t5/network-security/ips-module-bypass/m-p/2505792#M237489 ohassairi 2019-03-12T04:20:26Z https://community.cisco.com/t5/network-security/ips-module-bypass/m-p/2505793#M237491 <P>To my knowledge this is not possible using IPS.&nbsp; IPS filters based on signatures from Cisco, manually configured signatures, traffic anomoly...etc.&nbsp; So the IPS does not check and authenticate users, devices, and does not do MAB which is authentication.&nbsp; For this you would need to have an ISE or similar user access control device.</P><P>You may also need to add exceptions to the IPS to allow the sql traffic as well...but then you may or may not want to also have user authentication in addition.</P><P>--</P><P>Please remember to select a correct answer and rate helpful posts</P> Wed, 18 Jun 2014 08:14:18 GMT https://community.cisco.com/t5/network-security/ips-module-bypass/m-p/2505793#M237491 Marius Gunnerud 2014-06-18T08:14:18Z https://community.cisco.com/t5/network-security/ips-module-bypass/m-p/2505794#M237496 <P>Hello,</P><P>&nbsp;</P><P>To fix that issue you should check your <SPAN class="GINGER_SOFTWARE_mark" ginger_software_uiphraseguid="5c43057b-a2b1-4d20-afd7-bc24d01a4ab4" id="d5e644be-181a-4931-a52b-e1a31e63fb0d">sql</SPAN> configuration.</P><P>&nbsp;</P><P>Regards</P> Wed, 18 Jun 2014 12:41:14 GMT https://community.cisco.com/t5/network-security/ips-module-bypass/m-p/2505794#M237496 Juraj Papic 2014-06-18T12:41:14Z