https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701148#M87512 <HTML><HEAD></HEAD><BODY><P>I will give it a try, I didn't realize it used a .ram suffix.</P></BODY></HTML> Thu, 22 Feb 2007 02:32:15 GMT bjames 2007-02-22T02:32:15Z https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701146#M87507 <P>Hi,</P><P>I am implementing ASA's with SSM modules and I wanted confirmation that they can inspect http and block embedded traffic such as Internet Radio from being tunnelled through HTTP.</P><P></P><P>The Cisco documentation hints at this, but I would like confirmation.</P><P></P><P>We will be implementing WebSense, but I was hoping the SSM modules would be a good temporary solution.</P><P></P><P>Thanks in advance.</P> Sun, 10 Mar 2019 10:28:21 GMT https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701146#M87507 bjames 2019-03-10T10:28:21Z https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701147#M87510 <HTML><HEAD></HEAD><BODY><P>You can create a signature that uses the service http engine and a request regex = .ram, in monitoring -&gt; events. As a action you can either choose "block attacker inline" which blocks user completely or better choose "TCP reset" option.</P><P>For Creating Custom Signatures follow the link</P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/idmguide/dmsigwiz.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids11/idmguide/dmsigwiz.htm</A></P><P></P></BODY></HTML> Wed, 21 Feb 2007 19:55:11 GMT https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701147#M87510 gmarogi 2007-02-21T19:55:11Z https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701148#M87512 <HTML><HEAD></HEAD><BODY><P>I will give it a try, I didn't realize it used a .ram suffix.</P></BODY></HTML> Thu, 22 Feb 2007 02:32:15 GMT https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701148#M87512 bjames 2007-02-22T02:32:15Z https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701149#M87513 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Are you using AIP-SSM (Intrusion Prevention) or CSC-SSM (Content Security)?</P><P></P><P>Andrew</P></BODY></HTML> Fri, 23 Feb 2007 04:48:07 GMT https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701149#M87513 Andrew Ossipov 2007-02-23T04:48:07Z https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701150#M87515 <HTML><HEAD></HEAD><BODY><P>IPS - SSM</P><P></P><P>I tried filtering on REGX, but it will get every hit of .ram, so it's not too accurate.</P></BODY></HTML> Sat, 24 Feb 2007 22:29:15 GMT https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701150#M87515 bjames 2007-02-24T22:29:15Z https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701151#M87517 <HTML><HEAD></HEAD><BODY><P>The AIP-SSM module is not designed for content filtering. You should probably try CSC-SSM for that, but you can also use Modular Policy Framework (MPF) on the ASA itself to accomplish the task:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/mpc.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/firewall/mpc.htm</A></P><P></P><P>It's even simpler through ASDM, where you have some pre-defined maps that allow you to block streaming audio/video over HTTP.</P><P></P><P>Andrew</P></BODY></HTML> Sun, 25 Feb 2007 06:55:51 GMT https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701151#M87517 Andrew Ossipov 2007-02-25T06:55:51Z https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701152#M87518 <HTML><HEAD></HEAD><BODY><P>Thanks, that's kind of what I figured. We want the IPS so we will stay with these modules, and use Websense for the filtering.</P><P></P><P>My understanding of the SSM module is it provide much more inspection capabilities that the MPF inspects (it will do them all but provides more in-depth control)</P><P></P><P>Thanks</P></BODY></HTML> Sun, 25 Feb 2007 14:34:39 GMT https://community.cisco.com/t5/network-security/asa-ssm-module-inspecting-and-blocking-internet-radio/m-p/701152#M87518 bjames 2007-02-25T14:34:39Z