Solved

PCI compliance issue with Cisco ASA

Posted on 2014-07-21
3
54 Views
Last Modified: 2015-12-30
THREAT:
Your firewall policy seems to let TCP packets with a specific source port pass through.
IMPACT:
Some types of requests can pass through the firewall. The port number listed in the results section of this vulnerability report is the source port that
unauthorized users can use to bypass your firewall.
SOLUTION:
Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be
configured to block all TCP SYN packets going to this port, regardless of the source port.
RESULT:
The host responded 4 times to 4 TCP SYN probes sent to destination port 80 using source port 80. However, it did not respond at all to 4 TCP SYN
probes sent to the same destination port using a random source port.
0
Comment
Question by:Joel Fernandez
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40211654
It seems you're hosting a web server internal to your ASA and allowing that to come in.

Nonetheless, the report claims that it can reach destination port if the source port is specific (80 in your sample), but it can't if it use a random port (between 1024 and 65535 for example). Client normally use random port and so your rule shouldn't take into account the source port number.

So one of your rule is faulty as afar we can "guess" because ASA typically allows flows if the source port is specific and in this case legit HTTP port for web traffic (assuming you have web server etc), whereas, for norm cases, ASA should only filter on the destination port, which is the only static part between the two.

I "guess" you miss creating one of your rule by unintentational swapping source and destination port value
0

Featured Post

Enroll in July's Course of the Month

July's Course of the Month is now available! Enroll to learn HTML5 and prepare for certification. It's free for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar. Int…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question