Deploying the Cisco ACE Web Application Firewall (faculty.ccc.edu/mmoizuddin/cisco live...)

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr 1 Deploying the Cisco ACE Web Application Firewall © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public BRKAPP-2014 14618_05_2008_c2 2 BRKAPP-2014

Upload: lemien

Post on 28-Jun-2018


TRANSCRIPT


Deploying the Cisco ACE Web Application Firewall


BRKAPP-2014


What You’ll Learn

Refresh on HTTP and Web Application Security
For HTTP intro, see BRKAPP-1015
For Web App Security, see BRKAPP-1009

The main features and functional benefits of the ACE Web Application Firewall product

Typical use cases and deployment architectures

A step-by-step description of how to deploy ACE Web Application Firewall for a perimeter security use case

Cisco Application Delivery Networks

Application Networking: message transformation, protocol transformation, message-based security

Application Scalability: server load-balancing, site selection, SSL termination and offload

Network Classification: quality of service, network-based app recognition, queuing, policing, shaping

Application Visibility: video delivery; visibility, monitoring, control

WAN Acceleration: data redundancy elimination, window scaling, LZ compression, adaptive congestion avoidance

Application Acceleration: latency mitigation, application data cache, meta data cache, local services

Application Optimization: delta encoding, FlashForward optimization, application security, server offload

Other Cisco Live Breakout Sessions that You May Want to Attend

(The slide marks each session’s relevancy to Applications, ISR, GSS, WAAS, ACE, AXG and ACNS)

BRKAPP-2002 Server Load Balancing Design
BRKAPP-3003 Troubleshooting ACE
BRKAPP-1004 Introduction WAAS
BRKAPP-2005 Deploying WAAS
BRKAPP-3006 Troubleshooting WAAS
BRKAPP-1008 What can Cisco IOS do for my application?
BRKAPP-1009 Introduction to Web Application Security
BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization
BRKAPP-2011 Scaling Applications in a Clustered Environment
BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange
BRKAPP-2014 Deploying AXG
BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers
BRKAPP-1016 Running Applications on the Branch Router
BRKAPP-2017 Optimizing Application Delivery
BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers

Application Security Trends and Concerns

The Evolution of Intent: A Shift to Financial Gain

Threats Are Becoming Increasingly Difficult to Detect and Mitigate; Applications Are the Primary Targets

(Chart: Threat Severity plotted against time, 1990, 1995, 2000, 2005, 2007 and “What’s Next?”)
Vandalism: Basic Intrusions and Viruses
Notoriety: Viruses and Malware
Financial: Theft and Damage

PCI DSS: Six Sections and Twelve Requirements

Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data and sensitive information across open public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software
6. Develop and maintain secure systems and applications

Section 6.5: Develop secure web apps, cover prevention of OWASP vulnerabilities

Section 6.6: Ensure all web-facing apps are protected against known attacks using either of the following methods: secure coding practices, or installing a Web App FW*

* This becomes a requirement by June 2008

Traditional Network Firewalls Are Blind to Web Application Attacks

(Diagram: Web client, Firewall, Web server, Application, Database server; ports 80 and 443 are open, so unfiltered HTTP traffic passes through the firewall)

HTTP Refresher

For More In-Depth, See BRKAPP-1015

HTTP—An Application-Level Protocol

HTTP 1.0—RFC 1945: Informational; performance and functional limits

HTTP 1.1—RFC 2616: Draft Standard; persistent connections, caching; more stringent requirements

HTTP always stateless—many tricks to make it behave as session-oriented (cookies, session IDs)

Useful links:
http://www.w3.org/Protocols/
http://www.rfc-editor.org/rfcxx00.html

HTTP—Request Elements

Three important elements of an HTTP request: Method, URI, Headers

HTTP—Request Methods

HTTP 1.1—Methods
OPTIONS: Ask server for available methods
GET: Request a resource from server
HEAD: Request resource and view response headers only
POST: Send data to the server
PUT: Send a file to the server
DELETE: Delete a file from the server
TRACE: Allows client to “trace route” via proxies to web server
CONNECT: Used by proxies for tunneling requests to web server

All methods expect an HTTP response from the server
In practice, both GET and POST send data to web applications

HTTP—Query Parameters

The URL portion after the “?”: http://www.google.com/search?q=cisco

Passed to the application (and vector to several attacks when improperly parsed)

Content returned dynamically based on query parameters

Overall page layout similar while data differs

For an example of how query parameters are used see Google’s API description: http://www.google.com/apis/reference.html#2_2

HTTP—Cookies

“Cookies are pieces of information generated by a Web server and stored in the user’s computer, ready for future access.” (www.cookiecentral.com)

Cookies Are Not Programs, and They Cannot Run Like Programs Do.

Server sends cookie to client:
Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure

Client sends cookie back to server on subsequent visits to domain:
GET / HTTP/1.1\r\nHost: DOMAIN_NAME\r\nCookie: NAME=VALUE;

HTTP—Uniform Resource Identifiers

A URI Identifies and Locates a Network Resource

"http:" "//" host [":"port] [abs_path["?"query]]

Scheme: http; host: DNS resolution; port: TCP port; abs_path: path and file name; query: additional information

Typical Web Application Architecture

Web server receives input
App server parses input
DB receives query created and sent by app server

Cisco ACE Web Application Firewall: Features and Functionality


Introducing Cisco ACE Web Application Firewall

Builds on top of industry-leading Cisco ACE XML Gateway platform

Can be software upgraded to full ACE XML Gateway solution

Web Application Firewall: protects your custom HTTP and HTML applications from high-impact Web-borne attacks

SOA, Web Services, and XML Threat Defense: secures and offloads web services transactions

Extensive HTML and XML Application Security

Platform Specifications

Specifications: 1 rack unit; four 10/100/1000 Gigabit Ethernet ports; 4-GB RAM; high-performance dual-core, dual-processor architecture; high-performance cryptography acceleration; full FIPS 140-2 Level 3 compliance—optional; hot-swappable dual SAS HDD, fan, and power supplies; full reverse proxy; deployable either as firewall, manager, or 2-in-1

WAF and AXG Feature Comparison

Feature                                                | ACE Web Application Firewall | ACE Web Application Firewall w/AXG
Web Application Security                               |              ●               |                 ●
Privacy                                                |              ●               |                 ●
Encryption & Signature Support                         |              ●               |                 ●
Hardware SSL Acceleration (optional FIPS)              |              ●               |                 ●
Centralized Management, Monitoring, Logging, and Audit |              ●               |                 ●
Policy-based provisioning and versioning               |              ●               |                 ●
Protocol, Data and Security Mediation                  |                              |                 ●
XML Acceleration & Offload                             |                              |                 ●
Extensibility SDK                                      |                              |                 ●
Content Based Routing                                  |                              |                 ●

Typical Deployment

(Diagram: external web application consumers on the Internet pass a network firewall into the DMZ, where ACE, the ACE Web Application Firewall and the ACE XML Manager sit in front of the web servers and portal in the customer’s data center)

Attacks!*

*(and how to defend against them)

Attacks covered: Unvalidated Input; Cross-Site Scripting; SQL Injection; Cross-Site Request Forgery; Cookie Tampering

Attack #1—Unvalidated Input

What Is It? Web apps use parameters to obtain information from the client

How Is This Vulnerable?
Developers focus on the legal values of parameters and how they should be utilized
Too much credit given to client-side browser validation
Little if any attention is given to the effect of incorrect values

Result: The application acts according to the changed information, potentially giving access to other users’ accounts, confidential info, or anything else on the computer—vector for 90% of web-based attacks!

Defense: Signature Rules Engine

Blacklist approach—look for known and possible attacks in request content
Signatures detect particular attack vectors using pattern matching, regular expressions
Rules combine signatures to detect and block different types of attacks
Profiles combine rules and other features and apply them to particular web applications
Extensible via signature language—customer or partners

Automatic Input Normalization: Input Is Normalized to Thwart Obfuscation Attacks That Use Encodings to Disguise Malicious Patterns

(Diagram: encoded inputs %2E%2E%2Fhome%2Fuser, %2F%7Eroot%2Fetc%2Fpas and %2Fhomepage%2Findex%2 are decoded to ../home/user, /~root/etc/p and /homepage/index/pictures/thumbs.html; processing pipeline: Terminate and Decrypt SSL, Normalize, Apply Security Policy)

Input Normalization: Example

HTTP provides many ways to encode the same information. Input normalization “undoes” encodings to produce a canonical form of the request

http://foo.com/query?bar=%3c%73%63%72%69%70%74 becomes http://foo.com/query?bar=<script

Many more – depends on scripting language, SQL, Unicode, etc.

Signatures

Each Signature Has:
User-readable name
Signature ID
Pattern used for initial match
Regular expression used to confirm match

Rules

Rules apply signatures to places in the message, e.g. REQUEST_PARAMS sig SQLInjectQ

Severity level allows user to control strictness of enforcement, likelihood of false positives

Rules can be written very specifically, e.g. REQUEST_PARAMS[’name’].normalize(html) re ^foo.*

Expression Language

Variables make any part of the request message or its connection properties available:
HTTP headers
HTTP body
Request parameters
Source and dest IP address
SSL properties (version, cipher, etc)

Operators allow applying checks to the selected part of the message

Attack #2—Cross Site Scripting

What Is It?
User feeds data to the web application
Web application doesn’t sanitize input and echoes back the query
The unvalidated data contains a piece of JavaScript that is executed in the context of the user’s browser session
A carefully formed link sent to a victim (usually by mail) results in the JavaScript code being run in the victim’s browser, sending information to the hacker

Why Does Cross Site Scripting Happen?
Unvalidated input—example: html is permitted into query parameter
Application blindly echoes request back to browser

Result
“Virtual hijacking” of the session by stealing cookies
Any information flowing between the legitimate user and site can be manipulated or transmitted to a third party

Cross Site Scripting Applications

The second a hacker realizes a query parameter accepts HTML, he can trick your browser into doing virtually anything:
Build hidden forms that submit your cookies
Check your browsing history
Scan your subnet for certain hosts
etc.

Commonly used in Phishing emails

Experts estimate 80% of web sites are vulnerable (http://www.whitehatsec.com/downloads/WHXSSThreats.pdf)

Defense: Cross Site Scripting signature set

Looks for HTML in input stream
Input decoding shrinks signature set

But... What if I want to allow image tags?

False Positives – Human Assisted Learning

Cisco’s Human Assisted Learning lets you place a site in monitor mode

When in monitor mode, security alerts are reported but traffic isn’t blocked

You can click on each security incident and instruct the WAF to block traffic matching the pattern that caused the alert, or ignore it (false positive). The exception can be configured either at the profile level, or on a per web form parameter basis!

HaL integrates the benefit of dynamic learning but removes the guesswork from the equation: you ultimately control what is acceptable or not for your applications

HaL Walkthrough

Consider a web form with two input boxes. Both accept HTML and display it back to the user (fertile ground for XSS!) but suppose the “name” parameter can be exempted from XSS pattern checks

This is what the site profile looks like before HaL intervenes:

(Screenshot: site profile; Modifiers Represent Exceptions to the Classification Process)

An XSS Attack Is Detected

Inside the event log, a “Create Modifier” option appears. Create Modifier Is at the Heart of HaL

Options HaL Provides

(Screenshot: the Create Modifier dialog)

The Rule Set Is Modified on a Per-Param Basis!

Ignore Signature 52 for Param “Name”

New Modifier Automatically Added
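The normalization, signature, rule and profile model from the preceding slides, together with the HaL modifier and monitor mode just shown, as one added Python example. It is not the ACE WAF engine or its signature language: the signature IDs and regexes (including what “signature 52” matches), the `normalize`, `Rule`, `Profile` and `evaluate` names, and the sample request are all constructed for illustration.

```python
import html
import re
import urllib.parse
from dataclasses import dataclass, field

# --- Input normalization: undo encodings until the request stops changing ---
def normalize(value: str, max_rounds: int = 4) -> str:
    """Percent-decode and HTML-entity-decode repeatedly so that nested
    encodings (e.g. %253c -> %3c -> '<') end up in one canonical form."""
    for _ in range(max_rounds):
        decoded = html.unescape(urllib.parse.unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

# --- Signatures: cheap pattern for the initial match, regex to confirm ---
@dataclass(frozen=True)
class Signature:
    sig_id: int                 # constructed IDs, not the product's numbering
    name: str
    pattern: str                # case-insensitive substring checked first
    confirm: re.Pattern

    def matches(self, text: str) -> bool:
        if self.pattern.lower() not in text.lower():
            return False        # fast reject before running the regex
        return self.confirm.search(text) is not None

SIGNATURES = {
    52: Signature(52, "XSS script tag", "<script", re.compile(r"<\s*script\b", re.I)),
    53: Signature(53, "XSS event handler", "on", re.compile(r"\bon\w+\s*=", re.I)),
    70: Signature(70, "SQL tautology", "or", re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I)),
    71: Signature(71, "SQL comment", "--", re.compile(r"--\s*$|/\*")),
}

# --- Rules: apply a set of signatures to one place in the request ---
@dataclass
class Rule:
    location: str               # only "REQUEST_PARAMS" is modelled here
    sig_ids: tuple
    severity: str = "high"

# --- Profile: rules plus HaL modifiers, in monitor or enforce mode ---
@dataclass
class Profile:
    rules: list
    mode: str = "monitor"       # "monitor" = alert only, "enforce" = block
    ignore: set = field(default_factory=set)   # HaL modifiers: {(sig_id, param)}

@dataclass
class Verdict:
    action: str                 # "allow", "alert" or "block"
    hits: list                  # [(sig_id, param_name)] that fired

def evaluate(profile: Profile, params: dict) -> Verdict:
    hits = []
    for rule in profile.rules:
        if rule.location != "REQUEST_PARAMS":
            continue
        for name, raw in params.items():
            text = normalize(raw)           # signatures see the canonical form
            for sid in rule.sig_ids:
                if (sid, name) in profile.ignore:
                    continue                # exception created through HaL
                if SIGNATURES[sid].matches(text):
                    hits.append((sid, name))
    if not hits:
        return Verdict("allow", hits)
    return Verdict("block" if profile.mode == "enforce" else "alert", hits)

# --- Walkthrough: a form whose "name" and "comment" fields echo HTML back ---
XSS_RULE = Rule("REQUEST_PARAMS", (52, 53))
SQLI_RULE = Rule("REQUEST_PARAMS", (70, 71))

# Constructed request: encoded <script> in "name", double-encoded in "comment",
# and the slide's login-bypass string in "q"
SAMPLE_PARAMS = {
    "name": "%3Cscript%3Ealert('hi')%3C/script%3E",
    "comment": "%253Cscript%253Ealert(1)%253C/script%253E",
    "q": "' or 1=1 --",
}

def before_hal() -> Verdict:
    """Monitor mode, no modifiers: every hit is reported, nothing is blocked."""
    return evaluate(Profile([XSS_RULE, SQLI_RULE], mode="monitor"), SAMPLE_PARAMS)

def after_hal() -> Verdict:
    """Enforce mode with the modifier 'ignore signature 52 for param name'."""
    prof = Profile([XSS_RULE, SQLI_RULE], mode="enforce", ignore={(52, "name")})
    return evaluate(prof, SAMPLE_PARAMS)
```

before_hal() reports four hits but only alerts; after_hal() blocks on the three hits that remain once the name parameter is exempted from signature 52, while the double-encoded comment is still caught because it is normalized first.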

Attack #3—SQL Injection

SQL stands for Structured Query Language

Allows applications to access a database

SQL can:
Execute queries against a database
Retrieve data from a database
Insert new records in a database
Delete records from a database
Update records in a database

Many applications take user input and blindly send it directly to the SQL API!

Anatomy of a SQL Injection Attack:Basic SQL Query for Payment Info

Typical SQL query:
SELECT cc_number FROM users
WHERE username = 'victor'
AND password = '123'

Typical ASP/MS SQL Server login syntax:
var sql = "SELECT cc_number FROM users WHERE username = '" + form_user + "' AND password = '" + form_pwd + "'";

Anatomy of a SQL Injection Attack: SQL Injection—Bypass Login

Attacker injects the following:
form_user = ' or 1=1 --   (-- is the SQL comment)
form_pwd = anything

Final query would look like this:
SELECT * FROM users
WHERE username = '' or 1=1   (always true!)
-- AND password = 'anything'

Attacker gains access to the application! Not just logins – alter database, dump payment card information…

Defense: SQL Injection signature set

Detect SQL in input parameters

Defense: Response Message Rewrite

Search for and replace questionable content in responses from server
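The login query from the slides, as an added Python example (not from the deck): the string-concatenation pattern shown in ASP beside the parameterized form that the slide’s “blindly send it to the SQL API” remark argues against. The in-memory SQLite table, the `victor`/`123` row and the masked card number are constructed; the WAF signature set on the slide is a compensating control in front of code like this.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the slide's 'users' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, cc_number TEXT)")
    conn.execute("INSERT INTO users VALUES ('victor', '123', '4111-xxxx-xxxx-1111')")
    conn.commit()
    return conn

def login_concat(conn: sqlite3.Connection, form_user: str, form_pwd: str) -> list:
    """The slide's ASP pattern: user input spliced straight into the SQL text.
    A non-empty result means the application treats the user as logged in."""
    sql = ("SELECT cc_number FROM users WHERE username = '" + form_user +
           "' AND password = '" + form_pwd + "'")
    return conn.execute(sql).fetchall()

def login_parameterized(conn: sqlite3.Connection, form_user: str, form_pwd: str) -> list:
    """Same query with bound parameters: values travel separately from the SQL,
    so a quote, OR or -- inside form_user is data, never syntax."""
    sql = "SELECT cc_number FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (form_user, form_pwd)).fetchall()

def demo() -> dict:
    """Run the slide's injected input and a genuine login against both forms."""
    conn = make_db()
    injected_user, injected_pwd = "' or 1=1 --", "anything"   # from the slide
    return {
        "concat_legit": bool(login_concat(conn, "victor", "123")),
        "concat_injected": bool(login_concat(conn, injected_user, injected_pwd)),
        "param_legit": bool(login_parameterized(conn, "victor", "123")),
        "param_injected": bool(login_parameterized(conn, injected_user, injected_pwd)),
    }
```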

Attack #4—CSRF

“Whereas cross-site scripting exploits the trust a user has in a website, a cross-site request forgery exploits the trust a Web site has in a user by forging a request from a trusted user.” (source: Wikipedia)

How does it work:
Bob is logged into his bank’s website
Bob is also chatting/reading a blog at the same time
Hacker posts a comment in the blog inviting Bob to click a link
The link performs an action on Bob’s bank
As Bob is logged in, the action has the potential to succeed

Simple example: http://www.google.com/setprefs?hl=ga

Note that Bob doesn’t even have to click a link – a simple <img src="http://example.org/buy.php?item=PS3&qty=500"> on a web page could suffice!

Defense: CSRF

Not trivial, no simple one-stop-solution

Several server-side solutions:
Generate random tokens for forms or actions so a hacker can’t guess
Make sure the site isn’t XSS-vulnerable
Use CAPTCHAs

Defense: Referrer Enforcement

The browser/client populates the ‘Referer’* header to indicate the address (URI) of the resource from which the Request-URI was obtained

WAF can require that the header be a link on the same web site

Not foolproof – spoofing has been demonstrated!

* (sic) – it’s misspelled in the specification
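The two CSRF defenses above, random per-action tokens and Referer enforcement, as an added Python example that is not the WAF’s implementation: the HMAC-based token construction, the `SITE`, session and path names, and Bob’s three requests are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)   # constructed secret; never reaches the browser
SITE = "bank.example"                  # constructed host name for Bob's bank

def issue_csrf_token(session_id: str, action: str) -> str:
    """Unguessable per-session, per-action token: an HMAC over the session id
    and the action path. A page on another site cannot compute it."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def verify_csrf_token(session_id: str, action: str, presented: str) -> bool:
    expected = issue_csrf_token(session_id, action)
    return hmac.compare_digest(expected, presented)   # constant-time compare

def referer_allowed(referer: Optional[str], site_host: str) -> bool:
    """The WAF-style check from the slide: Referer must point at the same
    web site. A missing header is treated as not allowed in this model."""
    if not referer:
        return False
    return urlsplit(referer).hostname == site_host

def decide(request: dict, site_host: str) -> str:
    """Apply both defenses to a state-changing request."""
    headers = request.get("headers", {})
    if not referer_allowed(headers.get("Referer"), site_host):
        return "reject: referer"
    token = request.get("form", {}).get("csrf_token", "")
    if not verify_csrf_token(request["session"], request["path"], token):
        return "reject: token"
    return "accept"

def legitimate_request() -> dict:
    """Constructed: Bob submits the bank's own form, token included."""
    return {"session": "bob-session-1", "path": "/transfer",
            "headers": {"Referer": f"https://{SITE}/transfer"},
            "form": {"csrf_token": issue_csrf_token("bob-session-1", "/transfer")}}

def forged_request() -> dict:
    """Constructed: the same action triggered from a blog page Bob is reading.
    The browser attaches Bob's session cookie, but the page cannot supply the
    token and the Referer names the blog."""
    return {"session": "bob-session-1", "path": "/transfer",
            "headers": {"Referer": "https://blog.example/post/42"},
            "form": {}}

def forged_with_spoofed_referer() -> dict:
    """Constructed: Referer spoofed to the bank (the slide notes spoofing has
    been demonstrated); the token check still rejects the request."""
    req = forged_request()
    req["headers"]["Referer"] = f"https://{SITE}/transfer"
    return req
```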

Attack #5—Broken Authentication and Session Management Using Cookie Tampering

What Is It?
A cookie that has had its value changed by the user
Cookie storage is managed and controlled by the user
Cookies can be viewed and modified by the user
Cookies transferred in the open can be captured and modified by a third party

Why Does It Happen?
Cookie information is weakly encrypted or hashed
Web application developers are unaware of the threat or lack the cryptographic expertise to prevent tampering
The cookie is assumed to contain a certain format of content – an assumption that isn’t verified

Result
Identity theft or impersonation by a third party altering the session id or authorization information stored in the cookie
DoS or even remote command execution due to buffer overflows

Defense: Cookie Tampering

No need to reinvent the wheel—existing proven encryption algorithms available to web application developers

Use modern development frameworks for session maintenance

Cisco’s WAF can encrypt cookies, only sending an MD5 hash of the actual cookie

Immune to tampering

Be aware that replay attacks are still possible

Cookie Security: Signing and Encryption

(Diagram: the WAF sits between the clients and the web server and rewrites the server’s cookie)

Server side:
sess1=1800; expires=Mon, 15-Dec-2006 1:03:00 GMT; path=/; domain=.google.com; secure

After encryption, client side:
CP_EN7a989b1f1b9e966e47d629eec63302d3571d1677b27fe1bebba48df648b2edc=; expires=Mon, 15-Dec-2006 1:03:00 GMT; path=/; domain=.cisco.com; secure
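The cookie rewrite sketched above, as an added Python model of a reverse proxy that signs and hides the server’s cookie; it is not Cisco’s implementation. The product’s MD5 use and cookie format are replaced here by a random handle plus an HMAC-SHA256 tag, and the CP_EN prefix layout, the vault and the sample cookie are assumptions for illustration. It also shows the slide’s caveat: a tampered cookie is rejected, but a captured valid one replays.

```python
import hashlib
import hmac
import secrets
from typing import Optional

WAF_KEY = secrets.token_bytes(32)   # constructed key held by the WAF only
PREFIX = "CP_EN"                    # prefix seen on the slide; the rest is constructed

def _tag(handle: str) -> str:
    """HMAC-SHA256 over the random handle (stands in for the product's MD5 use)."""
    return hmac.new(WAF_KEY, handle.encode(), hashlib.sha256).hexdigest()

class CookieProtector:
    """Reverse-proxy cookie rewriting. Outbound: the server's real cookie
    (name and value) is kept in a WAF-side vault under a random handle and the
    client receives only handle+tag. Inbound: the tag is verified and the real
    cookie is restored before the request reaches the server."""

    def __init__(self) -> None:
        self.vault = {}             # handle -> (original name, original value)

    def outbound(self, set_cookie: str) -> str:
        """Rewrite a Set-Cookie header value before it reaches the client."""
        first, _, attrs = set_cookie.partition(";")
        name, _, value = first.strip().partition("=")
        handle = secrets.token_hex(16)           # 32 hex chars
        self.vault[handle] = (name, value)
        opaque = PREFIX + handle + _tag(handle)  # what the browser stores
        return f"{opaque}=; {attrs.strip()}" if attrs else f"{opaque}="

    def inbound(self, cookie_header: str) -> Optional[str]:
        """Translate a client Cookie header back to the server's cookies.
        Returns None if any cookie is unknown or its tag does not verify."""
        restored = []
        for item in cookie_header.split(";"):
            cname, _, _ = item.strip().partition("=")
            if not cname.startswith(PREFIX):
                return None                      # not something this WAF issued
            blob = cname[len(PREFIX):]
            handle, tag = blob[:32], blob[32:]
            if handle not in self.vault or not hmac.compare_digest(_tag(handle), tag):
                return None                      # handle unknown or tag forged
            name, value = self.vault[handle]
            restored.append(f"{name}={value}")
        return "; ".join(restored)

# Constructed server cookie modelled on the slide's server-side line
SERVER_SET_COOKIE = ("sess1=1800; expires=Mon, 15-Dec-2006 1:03:00 GMT; "
                     "path=/; domain=.google.com; secure")

def demo() -> dict:
    waf = CookieProtector()
    client_cookie = waf.outbound(SERVER_SET_COOKIE)
    opaque = client_cookie.split("=", 1)[0]
    # Tamper: flip the last hex digit of the tag
    flipped = "0" if opaque[-1] != "0" else "1"
    tampered = opaque[:-1] + flipped + "="
    return {
        "name_visible_to_client": "sess1=1800" in client_cookie,
        "restored": waf.inbound(opaque + "="),
        "tampered": waf.inbound(tampered),
        "replayed": waf.inbound(opaque + "="),   # captured cookie still works
    }
```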

Additional Security Features

Exception Mapping

Servers can expose too much data in error messages – stack traces, SQL schemas

Replace server errors with WAF-generated content

HTTP Header Processing

Server Header Cloaking

Data Overflow Defense

SSL Termination

Offloads crypto and connection handling from server

Enables HTTP/1.1 connection re-use, SSL session re-use, client certificate authentication

Consolidate private keys on WAF device

Decrypt and re-encrypt for end-to-end SSL

Note: ACE can also terminate SSL, will cover when to terminate where in Deployment Considerations

(Diagram: HTTPS from clients to the WAF, HTTP from the WAF to the server)

Upgrading to ACE XML Gateway

Web Services and Web Applications

ACE Web Application Firewall provides a high level of protection for HTML-based applications.

For XML-based web services, ACE XML Gateway can provide security, mediation, and offload

Software upgrade to move from WAF to AXG—can run both sets of functionality on same device

Deployment Considerations

Clustering

There are two software components: the manager and the firewall; each has a separate software license

Both components run on the AXG appliance hardware; you can run either or both components on the same appliance

ACE WAF achieves high availability via an external HTTP load balancer such as the ACE application switch

Manager is not a runtime component, so typical deployment uses cold standby for redundancy

Clustering: Stand-Alone ACE WAF

Firewall and manager running on same appliance

Used for PoC situations or development environments

Clustering: Separate Manager

Two or more appliances running firewall component

One appliance running manager component

Clustering: Integrated Manager

One appliance running both firewall and manager components

One or more appliances running only firewall component

Deployment Modes

Layers 2-3: One-armed or multi-arm

One-armed: single NIC handles all traffic
Same VLAN for pre- and post-Gateway traffic
Simplest mode for configuration

Multi-arm: Multiple NICs for traffic
Different VLAN on each NIC
Static routes needed in most environments
Single routing table/default route for entire system
Decision as to which NIC to use made by Linux kernel based on Layer 3 destination address
Firewall policy has no concept of internal/external addresses!

In either case, multiple IPs per VLAN possible for virtual hosting

(Diagram: one-armed example with a single interface 128.32.65.37; multi-arm example with interfaces 128.32.65.37 and 10.7.83.12)

Use Case: Perimeter Security

(Diagram: external web application consumers on the Internet pass a network firewall into the DMZ, where ACE, the ACE Web Application Firewall and the ACE XML Manager sit in front of the web servers and portal in the customer’s data center)

Perimeter Security: One-Armed Proxy

Traffic passes through ACE twice

Easy to insert into existing ACE deployment

Allows for fail-open or fail-closed configuration

Perimeter Security: Two-Armed Proxy

(Diagram: web application consumers on the public Internet reach public VIP 63.90.156.60 on an ACE application switch; two ACE WAFs sit between two ACE contexts, with addresses in the 10.10.1.x, 10.20.1.x (VIP 10.20.1.200) and 10.30.1.x ranges; web application providers sit behind the inner ACE application switch)

Different contexts on same physical ACE can be used on both sides

Best practice when backend is multiple hops from ACE WAF, need DMZ separation

One-Armed: Terminate SSL at ACE

Consolidate keys on load balancer

Use L7 classmap to direct traffic at ACE

One-Armed: Terminate SSL at ACE WAF

Optionally perform end-to-end SSL to application

Alternative Network Deployment Model

(Diagram: external HTTP and XML web services consumers on the Internet reach the AXG Web Application Firewall acting as a full reverse proxy, which forwards HTTP to WWW1, WWW2, WWW3 and the WWW Portal; DNS points to the AXG WAF when asked for WWWx)

The ACE Web Application Firewall is a full reverse proxy

In other words, you can have the DNS server point to the IP address of the WAF to represent the actual Web server

At that point, the WAF accepts all requests destined to the Web server, filters them, and sends them out; the response comes back to the WAF as well for total control of the session

Deployment Example

Steps to Deploy:
1. Configure WAF network and cluster settings
2. Define web application and apply profile
3. Deploy in monitor mode and tune
4. Re-deploy in enforcement mode

Network Diagram Before: No WAF

Standard ACE L7 configuration with SSL termination, TCP reuse

Network Diagram After: With WAF

Deployment mode: one-armed proxy, terminate SSL at ACE

Two WAF devices, one acting as firewall, other as joint firewall and manager

Cable Devices

Four RJ45 Gigabit Ethernet network interfaces (eth0, eth1, eth2, eth3)
One LOM NIC
Serial console (RS232)
VGA/keyboard video console (PS/2 keyboard)
Dual power supplies
nCipher card reader (only on FIPS model)

See HP DL360 docs

Configure Network Settings

Connect KVM or serial console

Log in as “root”

Set standard IP settings: IP address, hostname, DNS server, NTP server

Set as Gateway, Manager, or both


Log in to Manager

Point browser at the machine selected to be Manager, HTTPS port 8243:

https://172.25.91.151:8243/

Log in as “administrator”, password “swordfish”


Configure as Cluster


Getting Started with the Cisco ACE WAF

1. A Wizard Helps You Define the Websites You Want to Protect

Call the WAF Wizard

Specify the IP Address or Name of the Backend Server

Monitor Means the WAF Alerts but Doesn’t Block—Extremely Convenient If You’re Leery of Deploying Inline

Getting Started with the Cisco ACE WAF

2. If (Host + URL) Classification Isn’t Sufficient, an Expert Mode Is Available

You Can Use Regular Expressions to Define the Site.

You Can Use Additional Parameters for Classification.


Getting Started with the Cisco ACE WAF

3. You Can, for Instance, Require the Presence of a Given HTTP Header

Full Classification Customization

Getting Started with the Cisco ACE WAF

4. We Have Defined Our First Protected Web Server (http://172.25.89.140/)

Website Protected by the WAF

Factory-Shipped PCI Profile Applied


Protecting the Website from XSS

5. The WAF Ships with Predefined Profiles That You Can Clone and Edit

XSS Protection

Fine-Tuning a Security Profile

6. Inside a Profile You Find Groups of Rules (Rule = Signature)—Each Group Contains Rules Ranked by Security Level

XSS Rules Level

Action to Take When an XSS Is Detected


Fine-Tuning a Security Profile

7. The XSS Group Contains Rules That Are Cisco Verified Signatures

Hundreds of XSS Rules Are Shipped from the Factory.

Each Rule Has a Unique ID and a Security Level (basic, moderate, and strict).

Profile Ready to Be Deployed

8. Here Is What Our Custom Test Profile Looks Like—XSS Protection Is Enabled

XSS Protection Enabled with Level Strict


Associate the Profile to the Website

9. Map the Profile to the Website

Profile “Test” Mapped to Our Website

Deploy the Policy to the WAF Firewalls

10. Cisco ACE WAF Ships with Strong Change Control and Audit Log Capabilities

Deltas Between Current Applied Policy and Proposed One Are Highlighted.


11. Cisco ACE WAF Alerts You of Risks Associated with Certain Configuration Options

Proactive Notification of Potential Problems

Proactive Performance Warnings

Verification of Successful Deployment

12. Multiunit Deployment + Timestamp and Rollback of Policies

Policies Can Be Deployed to N Gateways

Timestamps
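The change-control workflow of steps 10 to 12 (review the delta between the applied and proposed policy, get warned about risky settings, push a timestamped version to N gateways, roll back) can be modelled in a few lines. The following is an added example written for this page, not Cisco code, and it does not reproduce the ACE WAF Manager's real data model: the policy dict shape, the warning criteria and the gateway names are all constructed.

```python
"""Versioned WAF policy store with change review, multi-gateway deploy and rollback.

Added illustration of the change-control workflow, not Cisco code. A policy is a
nested dict (constructed shape for this example):
    {website: {"mode": "monitor" | "enforce", "groups": {group: {"level": ..., "action": ...}}}}
"""
import copy
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class PolicyVersion:
    version: int
    timestamp: float   # when the version was committed; makes rollback choices auditable
    policy: dict


def flatten(policy: dict, prefix: str = "") -> Dict[str, object]:
    """Turn nested dicts into path -> value, e.g. {'www/groups/xss/level': 'strict'}."""
    out: Dict[str, object] = {}
    for key, value in policy.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            out.update(flatten(value, path + "/"))
        else:
            out[path] = value
    return out


def policy_delta(current: dict, proposed: dict) -> List[str]:
    """Highlight what the proposed policy changes: '+' added, '-' removed, '~' modified."""
    cur, new = flatten(current), flatten(proposed)
    lines = []
    for path in sorted(set(cur) | set(new)):
        if path not in cur:
            lines.append(f"+ {path}: {new[path]}")
        elif path not in new:
            lines.append(f"- {path}: {cur[path]}")
        elif cur[path] != new[path]:
            lines.append(f"~ {path}: {cur[path]} -> {new[path]}")
    return lines


def policy_warnings(policy: dict, strict_group_limit: int = 3) -> List[str]:
    """Proactive notifications before deploying (the criteria here are constructed examples)."""
    warnings = []
    for site, cfg in policy.items():
        if cfg.get("mode") == "monitor":
            warnings.append(f"{site}: monitor mode only alerts, nothing is blocked")
        strict = [g for g, r in cfg.get("groups", {}).items() if r.get("level") == "strict"]
        if len(strict) >= strict_group_limit:
            warnings.append(f"{site}: {len(strict)} rule groups at strict level may raise inspection cost")
    return warnings


class PolicyManager:
    """Manager node: keeps the timestamped version history and pushes policy to N gateways."""

    def __init__(self, gateways: List[str], clock: Callable[[], float] = time.time):
        self.gateways = gateways
        self.clock = clock                          # injectable for deterministic tests
        self.history: List[PolicyVersion] = []
        self.applied: Dict[str, int] = {}           # gateway -> version currently running
        self.pending: Optional[dict] = None

    def propose(self, policy: dict) -> List[str]:
        """Stage a change and return the delta against the last deployed version."""
        self.pending = copy.deepcopy(policy)
        current = self.history[-1].policy if self.history else {}
        return policy_delta(current, self.pending)

    def deploy(self) -> Dict[str, int]:
        """Commit the staged policy as a new version and push it to every gateway."""
        if self.pending is None:
            raise RuntimeError("no staged policy to deploy")
        version = PolicyVersion(len(self.history) + 1, self.clock(), self.pending)
        self.history.append(version)
        self.pending = None
        self.applied = {gw: version.version for gw in self.gateways}
        return dict(self.applied)

    def rollback(self, to_version: int) -> Dict[str, int]:
        """Re-push an earlier recorded version to all gateways; history is kept for audit."""
        if not 1 <= to_version <= len(self.history):
            raise ValueError(f"unknown version {to_version}")
        self.applied = {gw: to_version for gw in self.gateways}
        return dict(self.applied)


if __name__ == "__main__":
    mgr = PolicyManager(["waf-gw1", "waf-gw2"])   # constructed gateway names
    draft = {"www": {"mode": "monitor", "groups": {"xss": {"level": "basic", "action": "block"}}}}
    print("\n".join(mgr.propose(draft)))
    print("\n".join(policy_warnings(draft)))
    print(mgr.deploy())
```

The review step is `propose`, which only stages the change and returns the highlighted delta; nothing reaches a gateway until `deploy` commits a version, so an operator can read the warnings first. Rollback re-pins gateways to an existing version rather than rewriting history, so the audit trail of what was deployed when stays intact.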


The Website Is Under Attack

13. We Are Launching an XSS Attack Against the Website

Immediate Incident Report View

Let’s Drill Down

14. Let’s See What the Attack Looks Like

The Name of the Attack Vector Is Provided

ID of the Rule That Caused the Alert


Detailed Security Event Drill-Down

15. Detailed Forensics Are Available for Each Attack

Full Dump of Incoming Request

What the User, Hacker, and Victim See

16. Default Error Text Is Returned to Browser (Fully Customizable)

The error message and HTTP return code are fully customizable; you can return your own HTML code and, for example, redirect the hacker to the main page
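The request path walked through in steps 1 to 16 (classify the request to a protected website by host, URL regex and an optionally required header; run the mapped profile's rule groups at the configured security level; alert in monitor mode or block in enforcement mode; record an incident carrying the rule ID, the attack-vector name and a full dump of the request; return a customizable error status and body) is modelled below. This is an added example written for this page, not Cisco code and not the ACE WAF's actual engine: the rule IDs, the three signature patterns, the backend addresses and the error page are constructed placeholders, and a real deployment ships hundreds of vendor-verified rules rather than three.

```python
"""Minimal model of a reverse-proxy WAF request path: classify, inspect, alert or block.

Added example, not Cisco code. Rule IDs, patterns, backends and error text are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Security levels are cumulative: a profile at "strict" enables basic and moderate rules too.
LEVELS = {"basic": 1, "moderate": 2, "strict": 3}


@dataclass(frozen=True)
class Rule:
    rule_id: str      # unique ID shown in the incident view
    level: str        # basic, moderate or strict
    pattern: str      # regex applied to the decoded request
    vector: str       # attack-vector name reported with the alert


# Constructed XSS rule group with one rule per level (placeholders, not vendor signatures).
XSS_GROUP = [
    Rule("XSS-0001", "basic", r"<\s*script\b", "script tag injection"),
    Rule("XSS-0002", "moderate", r"\bon[a-z]+\s*=", "event-handler attribute"),
    Rule("XSS-0003", "strict", r"javascript\s*:", "javascript: URL scheme"),
]


@dataclass
class Request:
    host: str
    path: str                 # path plus query string, as received (still URL-encoded)
    headers: Dict[str, str]
    body: str = ""

    def dump(self) -> str:
        """Full dump of the incoming request, as kept for the forensic drill-down."""
        hdrs = "\n".join(f"{k}: {v}" for k, v in self.headers.items())
        return f"GET {self.path} HTTP/1.1\nHost: {self.host}\n{hdrs}\n\n{self.body}"


@dataclass
class Website:
    name: str
    host: str
    url_regex: str                         # expert-mode: regex over the URL
    backend: str                           # IP or name of the real server
    required_header: Optional[str] = None  # expert-mode: header that must be present

    def matches(self, req: Request) -> bool:
        return (req.host == self.host and re.search(self.url_regex, req.path) is not None
                and (self.required_header is None or self.required_header in req.headers))


@dataclass
class Profile:
    name: str
    level: str
    groups: Dict[str, List[Rule]]
    mode: str = "monitor"                  # "monitor" alerts only; "enforce" blocks
    error_status: int = 403                # both customizable per the deck
    error_body: str = "<html><body>Request blocked</body></html>"


@dataclass
class Incident:
    website: str
    rule_id: str
    vector: str
    blocked: bool
    request_dump: str


@dataclass
class Decision:
    action: str               # "forward", "block" or "unclassified"
    status: int
    body: str
    incident: Optional[Incident] = None


def classify(req: Request, websites: List[Website]) -> Optional[Website]:
    """First website whose host, URL regex and required header all match (order matters)."""
    return next((site for site in websites if site.matches(req)), None)


def inspect(req: Request, websites: List[Website], profiles: Dict[str, Profile]) -> Decision:
    """Classify the request, run the mapped profile, then forward, alert-and-forward, or block."""
    site = classify(req, websites)
    if site is None:
        return Decision("unclassified", 404, "no protected website for this host/URL")
    profile = profiles[site.name]
    # Inspect the URL-decoded path, every header value and the body.
    text = "\n".join([unquote_plus(req.path), *req.headers.values(), req.body])
    for group in profile.groups.values():
        for rule in group:
            if LEVELS[rule.level] <= LEVELS[profile.level] and re.search(rule.pattern, text, re.I):
                blocked = profile.mode == "enforce"
                incident = Incident(site.name, rule.rule_id, rule.vector, blocked, req.dump())
                if blocked:
                    return Decision("block", profile.error_status, profile.error_body, incident)
                return Decision("forward", 200, f"proxied to {site.backend}", incident)
    return Decision("forward", 200, f"proxied to {site.backend}")


if __name__ == "__main__":
    www = Website("www", "www.example.test", r"^/", "172.25.89.140")      # constructed
    test_profile = Profile("Test", "strict", {"xss": XSS_GROUP}, mode="enforce")
    req = Request("www.example.test", "/search?q=%3Cscript%3E", {"User-Agent": "demo"})
    print(inspect(req, [www], {"www": test_profile}))
```

Two design points carry over to a real deployment: classification order matters when one site's regex (such as `^/`) is a superset of another's, so the more specific website must be listed first; and monitor mode still produces the full incident record, which is what makes the "deploy in monitor mode and tune" step useful before switching the profile to enforcement.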


Q and A


Recommended Reading

Continue your Cisco Live learning experience with further reading from Cisco Press

Check the Recommended Reading flyer for suggested books


Available Onsite at the Cisco Company Store


Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily.

Receive 20 Passport points for each session evaluation you complete.

Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.

Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.
