Testing IPS modules on ASA 5505

Answered Question
Apr 19th, 2012
How do you all test the IPS traffic on the AIP-SSC5 in a 5505? Since the default signatures are retired and you can't unretire them, one cannot enable the signatures 2000-2012 on the 5505.

Overall Rating: 5 (1 ratings)
Saurav Lodh Wed, 03/12/2014 - 23:13

Differences Between the Modules

The IPS module for the ASA 5510 and higher supports higher performance requirements, while the IPS module for the ASA 5505 is designed for a small office installation. The following features are supported for the ASA 5510 and higher, and not for the ASA 5505:

  • Virtual sensors
  • Anomaly detection
  • Unretirement of default retired signatures

Correct Answer
Karsten Iwen Thu, 03/13/2014 - 00:19
Look at the web-signatures. There are a couple of them that shouldn't be retired. For example, attacks like directory-traversal or access of cmd.exe. These can be easily tested in a browser or with a vulnerability scanner like Nessus.
