Using this embedding technique, malformed packets can be crafted to carry viruses, worms,
Trojans, or any other malicious activity. With deep packet inspection, IOS Firewall inspects the data streams to ensure that
traffic that is assumed to be HTTP is legitimate web browsing and not IM or illegitimate traffic that is trying to gain
unauthorized access through the firewall.
As shown in Figure 5-5, the HTTP Inspection Engine gives the IOS Firewall engine more granular control and the intelligence to
block non-HTTP traffic by challenging its legitimacy and its conformance to the HTTP standard. HTTP inspection examines the
packets to detect whether any other application is being tunneled through port 80.
Figure 5-5. HTTP Inspection Engine with Advanced Application Inspection
Packets that do not conform to the HTTP protocol standard are dropped, a reset message is sent, and a SYSLOG message
is generated accordingly.
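As an added illustration, not code from the book or from Cisco IOS, the following Python sketch models the strict-HTTP conformance check described above: it treats the first bytes of a port-80 flow as an HTTP request, rejects anything that is not a well-formed request line and header block, and mirrors the drop, reset and syslog outcome. The sample flows and the syslog message format are constructed for the example.

```python
import re

# Constructed sample payloads standing in for the first bytes of three port-80 flows.
SAMPLE_FLOWS = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
               b"User-Agent: Mozilla/5.0\r\n\r\n",
    "tunneled_im": b"NICK user123\r\nUSER user123 0 * :user\r\n",  # IRC-style chat handshake
    "binary_junk": b"\x16\x03\x01\x00\x8b\x01\x00\x00\x87\x03\x03",  # non-text bytes
}

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/(1\.[01])$")
HEADER_LINE = re.compile(rb"^[A-Za-z0-9-]+:[ \t]*[\x20-\x7e\t]*$")


def inspect_http(payload):
    """Strict-HTTP conformance check on the start of a flow.

    Returns (conformant, reason). Only the request line and header block are
    checked; the body is not examined.
    """
    head = payload.split(b"\r\n\r\n", 1)[0].rstrip(b"\r\n")
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return False, "malformed request line"
    if match.group(1).decode() not in METHODS:
        return False, "unknown method"
    for line in lines[1:]:
        if not HEADER_LINE.match(line):
            return False, "malformed header"
    if match.group(3) == b"1.1" and not any(
            line.lower().startswith(b"host:") for line in lines[1:]):
        return False, "HTTP/1.1 request without Host header"
    return True, "ok"


def firewall_action(flow_name, payload):
    """Model the outcome described in the text: forward conformant traffic,
    otherwise drop the flow, reset it and emit a syslog-style message."""
    conformant, reason = inspect_http(payload)
    if conformant:
        return "forward", None
    # Illustrative message format; not an actual IOS syslog mnemonic.
    message = "%%FW-HTTP-NONCONFORMANT: flow %s dropped and reset (%s)" % (flow_name, reason)
    return "drop+reset", message


if __name__ == "__main__":
    for name, data in SAMPLE_FLOWS.items():
        print(name, firewall_action(name, data))
```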
This feature was introduced in IOS Version 12.3(14)T.
Note
For a configuration template, visit
www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455927.html#wp1027188.
E-Mail Inspection Engine
Similar to the SMTP protocol, the ESMTP protocol provides a basic method for exchanging e-mail messages.