Basic IPS Features included in ASA without AIP-SSM

Unanswered Question
Jan 1st, 2008

Are there any Basic IPS Features (functionality) included in ASA without AIP-SSM?

fropert Tue, 01/01/2008 - 09:46

Hello,

Yes!

First, the IP audit feature. This one contains approximately 50 basic signatures on IP, ICMP, TCP flags, DNS, UNIX RPCs and fragmentation.

These sigs are classified into 2 families: Informational and Attacks.

You can define a policy on Informational sigs and another policy on Attacks sigs for each interface (policy-to-interface mappings).

The policy configuration considers 2 things:

- Should an alarm be generated?

- Whether the triggering packets will be dropped, reset or passed

Second, ASA now has a feature called "Threat Detection".

This feature detects DoS and scanning (nmap scans, for example) attacks and gives you statistics about threats.

Scanning source IPs can be shunned.

Hope it will help you!

Francois

Jens Becker Sat, 01/12/2008 - 04:19

The Threat Detection feature comes with version 8.x. You can find it in ASDM under "Configuration" -> "Firewall" -> "Threat Detection"

or on the CLI (example):

threat-detection basic-threat

threat-detection scanning-threat shun except object-group admin

threat-detection statistics

To configure ip-audit, you must first configure new IP-Audit policies.
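
An added example, not part of either post: the IP audit setup described in this thread (one policy for Informational signatures, one for Attack signatures, both mapped to an interface) written as ASA CLI. The policy names AUDIT-INFO and AUDIT-ATTACK and the interface name outside are assumptions chosen for illustration.

```cisco
! Added example: policy names and the interface name are assumptions.
!
! Policy for the Informational signature family:
! generate an alarm (syslog) only, let the packet pass.
ip audit name AUDIT-INFO info action alarm
!
! Policy for the Attack signature family:
! generate an alarm, drop the packet and reset the connection.
ip audit name AUDIT-ATTACK attack action alarm drop reset
!
! Policy-to-interface mapping: one info policy and one attack
! policy can be applied per interface.
ip audit interface outside AUDIT-INFO
ip audit interface outside AUDIT-ATTACK
!
! Verify what is configured and applied.
show running-config ip audit name
show running-config ip audit interface
```

Starting with alarm-only on the attack policy and moving to drop and reset after reviewing the resulting syslog messages reduces the chance of blocking legitimate traffic that matches one of the basic signatures.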
