Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
533
Views
0
Helpful
2
Replies

IPS module bypass

ohassairi
Level 5
Level 5

‎06-17-2014 03:12 AM - edited ‎03-11-2019 09:20 PM

hi experts

 

we are using cisco ips module in cico asa firewall 5520

the ips is working fine and it stops sql injections as seen from log

however, one coleague showed me how he can bypass the ips using one software that sends the username ‘ or 1=1 – encoded (url encoder/decoder)

is there any way to let the ips checks the username as clear text and also as encoded ?

 

thanks

Labels:
0 Helpful
2 Replies 2

Marius Gunnerud
VIP
VIP

‎06-18-2014 01:14 AM

To my knowledge this is not possible using IPS.  IPS filters based on signatures from Cisco, manually configured signatures, traffic anomoly...etc.  So the IPS does not check and authenticate users, devices, and does not do MAB which is authentication.  For this you would need to have an ISE or similar user access control device.

You may also need to add exceptions to the IPS to allow the sql traffic as well...but then you may or may not want to also have user authentication in addition.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Juraj Papic
Level 3
Level 3

‎06-18-2014 05:41 AM

Hello,

 

To fix that issue you should check your sql configuration.

 

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card