Solved

PCI compliance issue with Cisco ASA

Posted on 2014-07-21
3
35 Views
Last Modified: 2015-12-30
THREAT:
Your firewall policy seems to let TCP packets with a specific source port pass through.
IMPACT:
Some types of requests can pass through the firewall. The port number listed in the results section of this vulnerability report is the source port that
unauthorized users can use to bypass your firewall.
SOLUTION:
Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be
configured to block all TCP SYN packets going to this port, regardless of the source port.
RESULT:
The host responded 4 times to 4 TCP SYN probes sent to destination port 80 using source port 80. However, it did not respond at all to 4 TCP SYN
probes sent to the same destination port using a random source port.
0
Comment
Question by:Joel Fernandez
3 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
Comment Utility
It seems you're hosting a web server internal to your ASA and allowing that to come in.

Nonetheless, the report claims that it can reach destination port if the source port is specific (80 in your sample), but it can't if it use a random port (between 1024 and 65535 for example). Client normally use random port and so your rule shouldn't take into account the source port number.

So one of your rule is faulty as afar we can "guess" because ASA typically allows flows if the source port is specific and in this case legit HTTP port for web traffic (assuming you have web server etc), whereas, for norm cases, ASA should only filter on the destination port, which is the only static part between the two.

I "guess" you miss creating one of your rule by unintentational swapping source and destination port value
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Compromised machines trying to access wpad.(domain).com and others. 9 124
To Use Sandbox in VMware 6 99
Nessus scan 5 195
ACAS / Nessus 2 82
The month of August was another action packed month for hackers and a security nightmare for many retailers and restaurant establishments. Some of the more notable data breach victims this past month included supermarket giants SUPERVALU and Alberts…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video discusses moving either the default database or any database to a new volume.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now