Customizing Protocol Inspections

ASDM enables you to add your own customized service policies. Because the ASA/PIX ships with such a strong security posture by default, no customizations are “required” to ensure additional security. This section does, however, cover how to create a customized service policy should you decide that it's important for your deployment.

The example used is the creation of a service policy that checks the length of a URL and drops the packet if the length is too long. This policy could be effective for preventing hackers from both attempting to guess a URL that could cause buffer overflows or passing URLs that contain SQL commands in an attempt to gain access to a back-end SQL database.

This policy is only one example ...

Get Securing Your Business with Cisco ASA and PIX Firewalls now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.