
Securing Your Business with Cisco ASA and PIX Firewalls by Greg Abelar

CSA Internals

CSA is unique in the way it stops attacks against hosts and servers. Many prevention technologies use anomaly-type detection or attack signatures, both of which can be subverted by a knowledgeable attacker. Anomaly detection can be circumvented by launching an attack that uses only normal, valid data packets. Signatures can be circumvented by using a variation of a known attack. As a simplistic example (one that does not represent a real-world way to circumvent Nimda), suppose a signature for Nimda looks for the string “NIMDA” in the payload. An attacker can easily change that string by adding null characters between the letters, with the result “N00I00M00D00A00”. The attack packet no longer has the string “NIMDA” ...
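The simplistic signature check described above, as an added Python example (not from the book or from CSA): a literal substring match misses the null-padded variant, while a matcher that drops NUL bytes first still finds it and reports where it sits in the original payload. The signature, the sample payloads and the reading of the padding as 0x00 bytes are assumptions made for illustration.

```python
# Added illustration; SIGNATURE and the sample payloads are constructed.
SIGNATURE = b"NIMDA"
IGNORABLE = frozenset(b"\x00")  # padding bytes dropped before matching (assumption)


def naive_match(payload, signature=SIGNATURE):
    """Literal substring signature, as in the passage's simplistic example."""
    return signature in payload


def normalized_match(payload, signature=SIGNATURE, ignorable=IGNORABLE):
    """Match after dropping ignorable bytes.

    Returns the (start, end) byte span in the ORIGINAL payload that covers
    the match, so an alert can point at the raw bytes, or None if absent.
    """
    # Keep each surviving byte together with its original offset.
    kept = [(i, b) for i, b in enumerate(payload) if b not in ignorable]
    stream = bytes(b for _, b in kept)
    pos = stream.find(signature)
    if pos < 0:
        return None
    start = kept[pos][0]
    end = kept[pos + len(signature) - 1][0] + 1
    return (start, end)


# Constructed payloads: the plain string, the null-padded variant, and a benign one.
SAMPLES = {
    "plain": b"xxNIMDAyy",
    "null_padded": b"xxN\x00I\x00M\x00D\x00A\x00yy",
    "benign": b"xxHELLOyy",
}


def compare(samples=SAMPLES):
    """Run both matchers over every sample: name -> (naive_hit, normalized_span)."""
    return {n: (naive_match(p), normalized_match(p)) for n, p in samples.items()}


if __name__ == "__main__":
    for name, (naive, span) in compare().items():
        print(f"{name:12} naive={naive!s:5} normalized_span={span}")
```

Normalizing one kind of padding only closes that one variation; the signature still depends on anticipating each transformation in advance.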
