Critical System Protection


Need help with SCSP prevention/detection policies

  • 1.  Need help with SCSP prevention/detection policies

    Posted Oct 17, 2011 07:42 AM

    Hi,

    Is it possible to detect or prevent brute-force, DoS, cross-site scripting, SQL injection and phishing attacks with SCSP policies?

    If SCSP detects or prevents any of the above attacks, then please let me know which policy I have to use.

    Thanks in Advance



  • 2.  RE: Need help with SCSP prevention/detection policies

    Posted Oct 31, 2011 10:16 AM

    Hi.

    You can do only some steps with that. You cannot generally say in a policy that the system has to prevent all the attacks. But in this case you can, for example, limit some user rights so that they cannot execute system processes, or you can read the Windows Event logs, which include the logged-on and logged-off users.

    With Detection Policies you can log some web attacks.

    Take a look at the admin guide and IPS/IDS guide. There is more information about this.

    Eugen.



  • 3.  RE: Need help with SCSP prevention/detection policies

    Posted Nov 11, 2011 06:08 AM

    Hi epretzer,

    Thanks for replying. Can you please explain it to me in brief?



  • 4.  RE: Need help with SCSP prevention/detection policies

    Posted Dec 01, 2011 06:39 AM

    "Is it possible to detect or prevent brute-force, DoS, cross-site scripting, SQL injection and phishing attacks with SCSP policies?"

    Brute-force attempts can be detected by IDS. You can configure repeated failed attempts.

    SQL injection is supported too.

    The rest I am not sure of.

    Thanks

    ____________

    Amar
    SSCP



  • 5.  RE: Need help with SCSP prevention/detection policies

    Posted Dec 24, 2011 08:02 AM

    Hi ans@symc,

    Thanks for your reply. Can you please explain to me how we can detect/prevent SQL injection with SCSP? If you tell me the procedure, it will be very helpful for me.



  • 6.  RE: Need help with SCSP prevention/detection policies

    Posted Dec 29, 2011 11:12 AM

    Use the Windows Baseline Detection Policy to detect the attack.

    Enable the following:

    Windows Baseline Detection Options > System Attack Detection > Web Attack Detection Options > Generic Web Attack Detection Monitor > Generic SQL Injection Attack Attempts



  • 7.  RE: Need help with SCSP prevention/detection policies

    Posted Mar 19, 2012 07:28 AM

    @chuck: I tried this policy, but it's not able to detect SQL injection.



  • 8.  RE: Need help with SCSP prevention/detection policies

    Posted Mar 22, 2012 01:47 PM

    Sanehdeep,

    If you look inside the details of the policy, you can see the different SQL injection attacks that the policy is matching on. If the exploit you are testing with is not in that list, add it and then try again.



  • 9.  RE: Need help with SCSP prevention/detection policies

    Posted Mar 22, 2012 02:16 PM

    @chuck: I have already tried this, but I am still not able to detect SQL injection.

    I have one doubt in my mind. SQL injection is a vulnerability of the web application, not the web server, and SCSP is specially for servers, so how does SCSP detect SQL injection? How does SCSP come to know about the SQL queries which the attacker passes through the text box or through the URL?



  • 10.  RE: Need help with SCSP prevention/detection policies
    Best Answer

    Posted Mar 28, 2012 01:29 PM

    You have to provide the path of the IIS server log file. After that it will work fine. Just check it out.
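Added illustration (not part of the thread, and not SCSP's own code or signature list): the log-based detection described in posts 8 and 10 amounts to reading the IIS W3C log and matching each request's query string against a pattern list. The signature names, regexes and log lines below are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed, illustrative signatures; NOT the pattern list shipped in the SCSP policy.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "tautology": re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I),
    "stacked-query": re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I),
    "comment-terminator": re.compile(r"'\s*(--|#|/\*)"),
}

# Constructed sample in IIS W3C extended format (documentation IP addresses).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-01-01 10:00:01 192.0.2.10 GET /products.aspx id=42 200
2012-01-01 10:00:05 192.0.2.77 GET /products.aspx id=42%27+OR+%271%27%3D%271 500
2012-01-01 10:00:09 192.0.2.77 GET /products.aspx id=1+UNION+ALL+SELECT+name,pass+FROM+users 200
2012-01-01 10:00:12 192.0.2.10 GET /search.aspx q=student+union+fees 200
2012-01-01 10:00:15 192.0.2.77 GET /item.aspx id=7%2527%2520-- 200
"""

def decode(value, rounds=2):
    """URL-decode up to `rounds` times so double-encoded input is also normalised."""
    for _ in range(rounds):
        new = unquote_plus(value)
        if new == value:
            break
        value = new
    return value

def scan_iis_log(lines):
    """Yield (client_ip, uri_stem, signature_name) for each matching log entry."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout is declared in the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, parts))
        query = decode(row.get("cs-uri-query", "-"))
        for name, rx in SIGNATURES.items():
            if rx.search(query):
                yield row.get("c-ip", "?"), row.get("cs-uri-stem", "?"), name
                break  # one alert per request is enough
```

IIS W3C logs record the URL query string (`cs-uri-query`) but not POST bodies, so log-based matching of this kind only sees input passed in the URL.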



  • 11.  RE: Need help with SCSP prevention/detection policies

    Posted Mar 28, 2012 02:02 PM

    Thanks komal. Now it's working.



  • 12.  RE: Need help with SCSP prevention/detection policies

    Posted Apr 22, 2012 04:19 PM

    Sanehdeep,

    Let us know how this detection method goes for you, as it's relatively new.