
Malicious Address lockout

Captog
Level 1

My penetration vendor reported this result:

Exposure Description:

Firewalls typically provide the function of effectively blocking TCP/IP ports to and from an Internet connection. IDS/IPS inspects traffic looking for malicious activity. Most firewalls or IPS/IDS systems provide the ability to lock out malicious addresses. Malicious addresses are defined as remote machines attempting several known forms of attack, such as port scanning, DoS (Denial of service), and signature-based attacks. When such malicious activity is detected, it should be locked out immediately, effectively preventing further system compromise. Since this could potentially lead to system compromise, it receives a medium threat rating.

Solutions:

1. Consult the vendor or provider of your firewall or IDS/IPS product to ensure that such activity can be detected and blocked by your specific device.

I have the ASA5510 with the IPS module. Both have the latest in firmware and software. I believe they are already doing this, but can anyone confirm this unit does this?

Thanks,

Jim

1 Reply

rhermes
Level 7

Jim

Your hardware certainly has the capability to perform the actions you describe, but both the ASA5510 and the AIP-SSM module need to be configured to specifically block (shun) hosts.
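
An added configuration sketch, not part of the original thread and not taken from Cisco's documentation: one way to turn on automatic shunning of scanning hosts on the ASA and to send traffic through the AIP-SSM inline. The ACL and class names, the exempted 192.0.2.0/24 network and the 3600-second shun duration are assumptions, and command availability depends on the ASA software release.

```text
! --- ASA: detect scanning hosts and shun them automatically ---
threat-detection basic-threat
! Exempt networks that must never be locked out (assumed example range),
! for instance management stations, since a spoofed source could otherwise
! cause a legitimate host to be shunned.
threat-detection scanning-threat shun except ip-address 192.0.2.0 255.255.255.0
! How long an automatic shun lasts, in seconds (assumed value).
threat-detection scanning-threat shun duration 3600

! --- ASA: send traffic to the AIP-SSM for inline inspection ---
! Assumed names: IPS_TRAFFIC, IPS_CLASS. Narrow the ACL to the traffic
! you actually want inspected.
access-list IPS_TRAFFIC extended permit ip any any
class-map IPS_CLASS
 match access-list IPS_TRAFFIC
policy-map global_policy
 class IPS_CLASS
  ! inline    = the module can drop traffic, not only alert on a copy
  ! fail-open = traffic keeps flowing if the module is down
  ips inline fail-open
service-policy global_policy global

! --- Verification (exec-mode commands, run after the next scan) ---
! Module is up and passing traffic:
!   show module 1 details
! Hosts currently flagged as scanners:
!   show threat-detection scanning-threat attacker
! Hosts shunned automatically by threat detection:
!   show threat-detection shun
! All active shuns, including ones requested by the IPS module:
!   show shun
```

Blocking by the IPS module also depends on the event actions assigned to its signatures, which are set on the sensor itself and are not shown here.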
