Cisco Support Community

Automatic Shutdown ASA5520 on CRITICAL event

Hi guys,

I've had a strange question from my boss about security on a Cisco ASA 5520. I've just started to study for the CCNA Security, so I do not want to give a wrong answer caused by my inexperience.

The question is: Is it possible to automatically shut down the OUTSIDE interface on a Cisco ASA 5520 in case of intrusion?

In my opinion, if there is an attempt of intrusion, the device would just stop it. If it cannot detect it, how can the device recognize the event and so shut down the interface? Am I correct?

Thanks,

Dario

ACCEPTED SOLUTION
Cisco Employee

Automatic Shutdown ASA5520 on CRITICAL event

Dario,

Well, shut down the interface? Nope. However, there are many ways in which, in case of an intrusion, another device can detect the traffic and shun (block) the host. That can be accomplished using an IPS device in conjunction with the host block capability.

If by intrusion you mean insertion of code or something that goes more along the lines of a payload, there are some features that can be enabled on the ASA itself to block the request (reset the connection). With an IPS, you have a lot of signatures that are meant to detect an intrusion on the network, and a signal to block the host/connection is sent to a blocking device (in this case the ASA).

There are just so many things, but nothing like shutting down the interface.

Mike
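The "detect, then send a block to the ASA" flow Mike describes is usually driven by the IPS sensor's own blocking feature, but the decision logic is easy to see in a few lines. The script below is an added example and is not code from this thread or from Cisco: it reads IPS-style alert lines (the line format, addresses, signature IDs and severities are constructed for the example), counts high-severity alerts per source inside a time window, skips an allowlist of hosts you must never block automatically (management and monitoring networks, the usual way an automatic shun locks you out), and emits ASA `shun` / `no shun` lines. The `shun src_ip` and `no shun src_ip` syntax is real ASA CLI; how the lines reach the firewall (the sensor's blocking device configuration, or an SSH session) is outside the example.

```python
"""
Turn IPS alerts into ASA 'shun' decisions with a threshold and an allowlist.

Added example, not code from the thread or from Cisco. The alert line format,
addresses, signature IDs and severities are constructed for illustration. The
emitted commands use real ASA CLI syntax ('shun <src_ip>', 'no shun <src_ip>');
delivering them to the firewall is left to the reader.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed alert format: "<ISO time> sev=<n> sig=<id> src=<ip> dst=<ip> <description>"
ALERT_RE = re.compile(
    r"^(?P<ts>\S+) sev=(?P<sev>\d) sig=(?P<sig>\d+) src=(?P<src>\S+) dst=(?P<dst>\S+) (?P<desc>.*)$"
)

# Hosts that must never be shunned automatically (management, monitoring, VPN peers).
# Constructed values for the example.
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("198.51.100.7/32")]

SHUN_SEVERITY = 4            # only alerts at or above this severity count
SHUN_THRESHOLD = 3           # alerts from one source needed inside the window
SHUN_WINDOW = timedelta(minutes=5)


def parse_alert(line):
    """Parse one constructed alert line; return a dict, or None for lines that do not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["ts"] = datetime.fromisoformat(alert["ts"])
    alert["sev"] = int(alert["sev"])
    return alert


def is_allowlisted(ip):
    """True when the source falls inside a network we never auto-block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


def select_shun_targets(lines, severity=SHUN_SEVERITY, threshold=SHUN_THRESHOLD, window=SHUN_WINDOW):
    """Return {src_ip: total_alerts} for sources with `threshold` alerts inside `window`."""
    per_src = defaultdict(list)
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["sev"] < severity:
            continue
        if is_allowlisted(alert["src"]):
            continue                      # never auto-block infrastructure you depend on
        per_src[alert["src"]].append(alert["ts"])
    targets = {}
    for src, stamps in per_src.items():
        stamps.sort()
        # Sliding window: any run of `threshold` consecutive alerts that fits in `window`.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                targets[src] = len(stamps)
                break
    return targets


def build_shun_commands(targets):
    """ASA CLI lines that add the shuns; 'shun <src_ip>' blocks all traffic from that source."""
    return [f"shun {src}" for src in sorted(targets)]


def build_unshun_commands(targets):
    """Matching ASA CLI lines to remove the shuns when the block expires."""
    return [f"no shun {src}" for src in sorted(targets)]


# Constructed sample alerts: one scanner, one allowlisted host, one slow source, one junk line.
SAMPLE_ALERTS = [
    "2024-03-01T10:00:01 sev=5 sig=3030 src=203.0.113.45 dst=192.0.2.10 TCP SYN host sweep",
    "2024-03-01T10:00:09 sev=5 sig=3030 src=203.0.113.45 dst=192.0.2.11 TCP SYN host sweep",
    "2024-03-01T10:01:30 sev=4 sig=5114 src=203.0.113.45 dst=192.0.2.10 WWW directory traversal",
    "2024-03-01T10:02:00 sev=5 sig=3030 src=10.0.0.5 dst=192.0.2.10 TCP SYN host sweep",
    "2024-03-01T10:02:05 sev=5 sig=3030 src=10.0.0.5 dst=192.0.2.11 TCP SYN host sweep",
    "2024-03-01T10:02:10 sev=5 sig=3030 src=10.0.0.5 dst=192.0.2.12 TCP SYN host sweep",
    "2024-03-01T10:03:00 sev=2 sig=2004 src=198.18.0.9 dst=192.0.2.10 ICMP echo request",
    "2024-03-01T10:03:10 sev=5 sig=5114 src=198.18.0.9 dst=192.0.2.10 WWW directory traversal",
    "2024-03-01T11:30:00 sev=5 sig=5114 src=198.18.0.9 dst=192.0.2.10 WWW directory traversal",
    "2024-03-01T11:30:05 sev=5 sig=5114 src=198.18.0.9 dst=192.0.2.10 WWW directory traversal",
    "garbage line the parser must ignore",
]

if __name__ == "__main__":
    targets = select_shun_targets(SAMPLE_ALERTS)
    for cmd in build_shun_commands(targets):
        print(cmd)
```

With the sample data only 203.0.113.45 is shunned: 10.0.0.5 trips the threshold but sits in the allowlist, and 198.18.0.9 has three high-severity alerts spread over more than the five-minute window. On the ASA, `show shun` lists the active shuns and `clear shun` removes them all; a shun is state on the firewall, not a change to the interface, which is the point of Mike's answer.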