Re: Cisco Adaptive Security Appliance goes beyond blocking ports. Is that a Microsoft-only defense?

On Mar 2, 5:29 pm, "joel garry" <joel-ga..._at_home.com> wrote:
> On Mar 2, 12:20 pm, "Ramon F Herrera" <r..._at_conexus.net> wrote:
>
>
>
> > I recently installed my first Cisco ASA-5500 security box. It is a
> > very impressive piece of equipment, with a bewildering array of
> > capabilities. The feature that find most intriguing is that it goes
> > above (in the ISO/OSI sense) the IP, TCP and UDP layers, presumably
> > inspecting whether a message or packet contains a virus or other
> > malware.
>
> > What I would like to clarify, because is a matter of dispute among
> > some colleagues, is exactly what applications and operating systems
> > are being inspected. My buddies claim (more like a wild or hopeful
> > guess) that not only is port 1521 of an Oracle server blocked but the
> > ASA knows about Oracle exploits, and similarly it can check for
> > weaknesses on behalf of Linux or other Unixes. I find that very hard
> > to believe, and my counterclaim is that only Windows or other
> > Microsoft products have reached a level of disseminated infections to
> > grant the depth of attention by the security software.
>
> > Comments?
>
> > -Ramon F Herrera
>
> Looking at the data sheets, it just looks like it uses typical trend
> micro stuff to look for malware. If they can point to something that
> specifically mentions Oracle, let us know.
>
> Most of us don't even use port 1521 anymore.
>

Please clarify. Are you claiming that most folks are simply using another port different from 1521 in hopes of confusing the attackers (due respect, but that would be a rather poor defense) or are they using a non-TCP mechanism to communicate with the server?

-Ramon Received on Fri Mar 02 2007 - 18:49:32 CST