Need help with SCSP prevention/detection policies
Updated: 28 Mar 2012 | 11 comments
This issue has been solved. See solution.
Hi,
Is it possible to detect or prevent brute force attacks, DoS attacks, cross-site scripting attacks, SQL injection attacks and phishing attacks with SCSP policies?
If SCSP can detect or prevent any of the above attacks, then please let me know which policy I have to use.
Thanks in advance.
Comments
Hi.
You can do only some steps with that. You cannot generally say in a policy that the system has to prevent all attacks. But in this case you can, for example, limit some user rights so that they cannot execute system processes, or you can read the Windows Event logs that include the logged-on and logged-off users.
With Detection Policies you can log some web attacks.
Take a look at the admin guide and the IPS/IDS guide. There is more information about this there.
Eugen.
Hi epretzer,
Thanks for replying. Can you please explain it to me in brief?
With Regards,
Er. Sanehdeep Singh
(E|CSA, C|EH, Security5)
Hi
"Is it possible to detect or prevent brute force attacks, DoS attacks, cross-site scripting attacks, SQL injection attacks and phishing attacks with SCSP policies?"
Brute force attempts can be detected by IDS. You can configure repeated failed attempts.
SQL injection is supported too.
The rest I am not sure of.
Thanks
____________
Amar
SSCP
Hi ans@symc,
Thanks for your reply. Can you please explain how we can detect/prevent SQL injection with SCSP? If you tell me the procedure, it will be very helpful for me.
With Regards,
Er. Sanehdeep Singh
(E|CSA, C|EH, Security5)
Use the Windows Baseline Detection Policy to detect the attack.
Enable the following:
Windows Baseline Detection Options > System Attack Detection > Web Attack Detection Options > Generic Web Attack Detection Monitor > Generic SQL Injection Attack Attempts
@chuck: I tried this policy, but it's not able to detect SQL injection.
With Regards,
Er. Sanehdeep Singh
(E|CSA, C|EH, Security5)
What SQL injection attack are you testing with?
Sanehdeep,
If you look inside the details of the policy, you can see the different SQL injection attacks that the policy is matching on. If the exploit you are testing with is not in that list, add it and then try again.
@chuck: I have already tried this, but it's still not able to detect SQL injection.
I have one doubt in my mind. SQL injection is a vulnerability of the web application, not the web server, and SCSP is specially for servers, so how does SCSP detect SQL injection? How does SCSP come to know about the SQL queries which an attacker passes through a text box or through the URL?
With Regards,
Er. Sanehdeep Singh
(E|CSA, C|EH, Security5)
You have to provide the path of the IIS server log file. After that it will work fine. Just check it out.
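An added example, not part of the thread and not Symantec's policy code: a sketch of how log-based detection can see injection attempts, by reading the `cs-uri-query` column of an IIS W3C extended log and matching it against SQL injection patterns. The pattern list, rule names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed patterns for illustration; NOT the signature list shipped in the SCSP policy.
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("stacked-statement", re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I)),
    ("comment-terminator", re.compile(r"'\s*(--|#|/\*)")),
]

# Constructed sample of an IIS W3C extended log (addresses from documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-03-20 10:01:02 GET /products.aspx id=42 192.0.2.10 200
2012-03-20 10:01:09 GET /products.aspx id=42'+OR+'1'='1 198.51.100.7 500
2012-03-20 10:01:15 GET /products.aspx id=1+UNION+SELECT+name,pass+FROM+users-- 198.51.100.7 200
2012-03-20 10:02:30 GET /search.aspx q=student+union+events 192.0.2.11 200
2012-03-20 10:03:00 GET /item.aspx id=5%3B%20DROP%20TABLE%20orders 198.51.100.7 500
"""

def scan_iis_log(text):
    """Return a list of (line_no, client_ip, rule_name, decoded_query) hits."""
    fields, hits = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip directives and rows seen before any #Fields header
        row = dict(zip(fields, line.split(" ")))
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue  # IIS writes "-" when the request had no query string
        decoded = unquote_plus(query)  # the log stores the query URL-encoded
        for name, pattern in SQLI_PATTERNS:
            if pattern.search(decoded):
                hits.append((line_no, row.get("c-ip", "-"), name, decoded))
                break  # one alert per request line
    return hits

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

Because the W3C log records the URI query but not request bodies, detection of this kind only sees attempts carried in the URL; values submitted in a POST form do not appear in the log.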
Thanks komal. Now it's working.
With Regards,
Er. Sanehdeep Singh
(E|CSA, C|EH, Security5)
Sanehdeep,
Let us know how this detection method goes for you, as it's relatively new.