Dell SonicWall SRA 4200 Administrator's Manual
272 | SRA 6.0 Administrator’s Guide
– The second rule checks if the value contained by the Parameter Value: formId variable matches the regular expression ^\d{1,4}$, which matches anything that consists of 1 to 4 digits. The Not inversion check box is selected to change the rule to match anything that does not consist of 1 to 4 digits.
Example – Negative Security Model: Blocking Malicious Input to a Form
To block malicious input to a form, you would create a rule chain containing the following two rules:
1. The first rule identifies the URL for the form.
2. The second rule identifies the form parameter, shell_cmd, and the bad input value, traceroute.
Example – Using URL Decode and None
If a hacker perceives that a Request URI is being scanned for CR and LF characters (carriage return and line feed), the hacker may attempt to sneak those characters into the request by performing URL encoding on the characters before adding them to the request. The URI will then contain %0D and %0A characters, which could be used to launch an HTTP response splitting attack. The URL Decode and/or URL Decode (Unicode) operations can be used to thwart this type of attack by decoding the scanned input before comparing it against the configured value(s) to check for a match.
Specifically, if a request is made to the URI http://www.host.com/foo%20bar/ and the URL Decode operation is selected, the scanned URI becomes http://www.host.com/foo bar/ after decoding, which can now be safely matched. To thwart a hacker who sends a non-encoded request in addition to the encoded one, the administrator can select both the None and the URL Decode options in the rule.
Example – Using Convert to Lowercase and URL Decode with Parameter Values
An administrator wants to check whether the content of the variable Parameter Values matches the value foo bar in order to block such a request. Because the backend application accepts case-insensitive inputs (foo bar and FOO BAR), the hacker can pass foo BAR in the request and evade the rule. To prevent this evasion, the administrator specifies Convert to Lowercase as an anti-evasive operation and configures the value as foo bar in all lower case. This causes all request parameter values to be converted to lower case and compared against the value for a case-insensitive check.
Similarly, the hacker could pass foo%20BAR, which is the URL encoded version typically used by browsers. To prevent this evasion, the administrator specifies URL Decode as the anti-evasive operation to apply to the request entity. The input foo%20BAR is URL decoded to foo BAR. If the input is already foo BAR, then URL decoding is not applied.
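The anti-evasive operations the three examples above describe (None, URL Decode, Convert to Lowercase, together with the Not inversion from the formId rule), modelled as an added Python example that is not part of the guide or of the SRA firmware; the function and operation names are assumptions of my own, and the sample inputs are constructed:

```python
import re
from urllib.parse import unquote

# Anti-evasive operations as the guide describes them (names are my own).
OPERATIONS = {
    "none": lambda s: s,                 # scan the raw input as received
    "url_decode": lambda s: unquote(s),  # %0D -> CR, %20 -> space, etc.
    "lowercase": lambda s: s.lower(),    # case-insensitive comparison
}

def scan_candidates(value, ops):
    """Strings a rule is compared against: the raw value when 'none' is
    selected, plus the value after the other ops applied in order. Decode
    before lowercasing so encoded capitals (%42 -> 'B') are folded too."""
    candidates = [value] if "none" in ops else []
    transformed = value
    for op in ops:
        if op != "none":
            transformed = OPERATIONS[op](transformed)
    if transformed not in candidates:
        candidates.append(transformed)
    return candidates

def rule_matches(value, pattern, ops=(), regex=False, invert=False):
    """True when the rule fires; `invert` models the Not check box."""
    cands = scan_candidates(value, ops)
    if regex:
        hit = any(re.search(pattern, c) for c in cands)
    else:
        hit = any(c == pattern for c in cands)
    return hit != invert

def form_id_rule(form_id):
    """Not ^\\d{1,4}$: fire on anything that is not 1 to 4 digits."""
    return rule_matches(form_id, r"^\d{1,4}$", regex=True, invert=True)

def crlf_rule(request_uri, ops):
    """Fire when the scanned URI contains CR or LF (response splitting)."""
    return rule_matches(request_uri, r"[\r\n]", ops=ops, regex=True)

def foo_bar_rule(param_value, ops):
    """Fire when a parameter value equals 'foo bar' after the given ops."""
    return rule_matches(param_value, "foo bar", ops=ops)

if __name__ == "__main__":
    print(crlf_rule("/foo%0D%0Abar", ops=("none",)))               # False: undecoded scan misses it
    print(crlf_rule("/foo%0D%0Abar", ops=("none", "url_decode")))  # True
    print(foo_bar_rule("foo%20BAR", ops=("url_decode", "lowercase")))  # True
```

Note that `unquote` decodes a single layer only, matching the guide's one-pass URL Decode; a rule that must also catch double-encoded input needs the operation applied again.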