Verifying and monitoring ftp inspection, Http inspection, Http inspection overview – Cisco ASA 5505 User Manual

Page 892

Advertising
background image

43-16

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 43 Configuring Inspection of Basic Internet Protocols

HTTP Inspection

hostname(config-pmap)# class ftp-traffic

hostname(config-pmap-c)# inspect ftp strict mymap

hostname(config)# service-policy ftp-policy interface inside

Verifying and Monitoring FTP Inspection

FTP application inspection generates the following log messages:

An Audit record 303002 is generated for each file that is retrieved or uploaded.

The FTP command is checked to see if it is RETR or STOR and the retrieve and store commands
are logged.

The username is obtained by looking up a table providing the IP address.

The username, source IP address, destination IP address, NAT address, and the file operation are
logged.

Audit record 201005 is generated if the secondary dynamic channel preparation failed due to
memory shortage.

In conjunction with NAT, the FTP application inspection translates the IP address within the application
payload. This is described in detail in RFC 959.

HTTP Inspection

This section describes the HTTP inspection engine. This section includes the following topics:

HTTP Inspection Overview, page 43-16

Configuring an HTTP Inspection Policy Map for Additional Inspection Control, page 43-17

HTTP Inspection Overview

Use the HTTP inspection engine to protect against specific attacks and other threats that are associated
with HTTP traffic. HTTP inspection performs several functions:

Enhanced HTTP inspection

URL screening through N2H2 or Websense

See

Information About URL Filtering, page 39-6

for information.

Java and ActiveX filtering

The latter two features are configured in conjunction with the filter command. For more information
about filtering, see

Chapter 39, “Configuring Filtering Services.”

The enhanced HTTP inspection feature, which is also known as an application firewall and is available
when you configure an HTTP map (see

“Configuring an HTTP Inspection Policy Map for Additional

Inspection Control”

), can help prevent attackers from using HTTP messages for circumventing network

security policy. It verifies the following for all HTTP messages:

Conformance to RFC 2616

Use of RFC-defined methods only.

Compliance with the additional criteria.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals