CSA Internals
CSA is unique in the way it stops attacks against hosts and servers. Many prevention technologies use anomaly-type detection or attack signatures, both of which can be subverted by a knowledgeable attacker. Anomaly detection can be circumvented by launching an attack that uses only normal valid data packets. Signatures can be circumvented by using a variation of known attacks. A simplistic example that does not represent a real-world way to circumvent Nimda is where a signature for Nimda might be looking for a string that has the string “NIMDA” in the payload. An attacker can easily change that string to add null characters between the text letters, with the result “N00I00M00D00A00”. The attack packet no longer has the string “NIMDA” ...
Get Securing Your Business with Cisco ASA and PIX Firewalls now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
