Link to home
Create AccountLog in
Avatar of trojan81
trojan81

asked on

Cisco IPS

Experts,

Does anyone know if the AIP-SSM module for an ASA can protect against advanced web attacks like an application firewall?

Example, suppose I have a Microsoft ISA server behind the firewall on the DMZ doing reverse proxy for my web applications. The ISA does not have any addons that can protect against advanced web attacks such as cross-site-scripting, buffer overflow, sql injection, etc.
HOwever, if I stick an AIP-SSM module into the firewall would I be able to provide application layer protection at the module before traffic hits my ISA?
ASKER CERTIFIED SOLUTION
Avatar of asavener
asavener
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of trojan81
trojan81

ASKER

asavener, then would it be correct to say that an ASA with an AIM SSM module is also an application layer firewall?
Definitely.
thanks. just want to get another confirmation before I close and award the points.
Because if this is true, technically i won't need to invest in a software application firewall on my ISA server that is on the DMZ.