Malicious Address lockout

Unanswered Question
Sep 10th, 2009

My penetration vendor reported this result:

Exposure Description:

Firewalls typically provide the function of effectively blocking TCP/IP ports to and from an Internet connection. IDS/IPS inspects traffic looking for malicious activity. Most firewalls or IPS/IDS systems provide the ability to lock out malicious addresses. Malicious addresses are defined as remote machines attempting several known forms of attack, such as port scanning, DoS (Denial of service), and signature-based attacks. When such malicious activity is detected, it should be locked out immediately, effectively preventing further system compromise. Since this could potentially lead to system compromise, it receives a medium threat rating.

Solutions:

1. Consult the vendor or provider of your firewall or IDS/IPS product to ensure that such activity can be detected and blocked by your specific device.

I have the ASA5510 with the IPS module. Both have the latest in firmware and software. I believe they are already doing this, but can anyone confirm this unit does this?

Thanks,

Jim

rhermes Fri, 09/11/2009 - 13:06

Jim

Your hardware certainly has the capability to perform the actions you describe, but both the ASA5510 and the AIP-SSM module need to be configured to specifically block (shun) hosts.
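One way to check the ASA side of the point made in the reply above, as an added example that is not part of the original thread: a small Python audit of a saved running-config that looks for the ASA commands `threat-detection scanning-threat [shun]` and `ips {inline | promiscuous}`. The sample config is constructed and the function name `audit_shun_config` is hypothetical; the blocking actions configured on the AIP-SSM sensor itself are not covered.

```python
import re

# Constructed sample of an ASA running-config excerpt (not taken from the thread).
SAMPLE_CONFIG = """\
threat-detection basic-threat
threat-detection scanning-threat
class-map ips_traffic
 match any
policy-map global_policy
 class ips_traffic
  ips promiscuous fail-open
service-policy global_policy global
"""

SCAN_RE = re.compile(r"threat-detection scanning-threat(\s+shun)?(?:\s+duration\s+(\d+))?")
IPS_RE = re.compile(r"ips\s+(inline|promiscuous)\s+(fail-open|fail-close)")

def audit_shun_config(config: str) -> dict:
    """Report whether the config detects scanners, shuns them, and redirects traffic to the IPS module."""
    result = {"scan_detection": False, "auto_shun": False,
              "shun_duration": None, "ips_mode": None, "findings": []}
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("no "):          # negated commands do not enable anything
            continue
        m = SCAN_RE.match(line)
        if m:
            result["scan_detection"] = True
            if m.group(1):                  # the "shun" keyword is present
                result["auto_shun"] = True
            if m.group(2):                  # "shun duration <seconds>"
                result["shun_duration"] = int(m.group(2))
            continue
        m = IPS_RE.match(line)
        if m:
            result["ips_mode"] = m.group(1)
    if not result["scan_detection"]:
        result["findings"].append("scanning-threat detection is not enabled")
    elif not result["auto_shun"]:
        result["findings"].append("scanning hosts are detected but not shunned")
    if result["ips_mode"] is None:
        result["findings"].append("no traffic is redirected to the IPS module")
    elif result["ips_mode"] == "promiscuous":
        result["findings"].append("IPS module inspects a copy of traffic and cannot drop packets itself")
    return result

if __name__ == "__main__":
    for finding in audit_shun_config(SAMPLE_CONFIG)["findings"]:
        print("FINDING:", finding)
```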
