Cisco ASA AIP SSM module signatures

network_user
Level 1

Hello,

Does anyone know if an AIP SSM installed in a Cisco ASA can redirect traffic from all the ports to the AIP SSM module for inspection (inside, dmz, outside)?

Recently one of our machines on the inside network got infected with malware and it started an SSH brute-force attack on random hosts on the Internet. I would like to find out, if I have an AIP SSM on my ASA, would it be able to detect such attacks/traffic types from the inside interface and inform me or give an indication that some host on the inside network is infected?

Thank you.

Accepted Solutions

Julio Carvajal
VIP Alumni

Hello,

Does anyone know if an AIP SSM installed in a Cisco ASA can redirect traffic from all the ports to the AIP SSM module for inspection (inside, dmz, outside)?

A/ Yes. You will need to select which traffic to send to the IPS module; usually you will see an access-list matching all traffic (permit ip any any, so all traffic from all the interfaces will be inspected).

Recently one of our machines on the inside network got infected with malware and it started an SSH brute-force attack on random hosts on the Internet. I would like to find out, if I have an AIP SSM on my ASA, would it be able to detect such attacks/traffic types from the inside interface and inform me or give an indication that some host on the inside network is infected?

A/ The IPS module will be able to inspect that traffic and, based on its signatures or on the behavior of the host, detect the attack, and depending on its configuration (inline or promiscuous mode) it will drop the packet immediately.

Regards,

Julio

Do rate all the helpful posts!!

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
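
The traffic selection described in the answer above, written out as ASA configuration. This is an added example, not part of the original post; the names IPS_TRAFFIC and IPS_CLASS are assumptions, and global_policy is the ASA's default global policy map.

```cisco
! Added example. IPS_TRAFFIC and IPS_CLASS are assumed names.

! 1. Select the traffic to hand to the AIP SSM.
!    "permit ip any any" matches every IP packet the policy sees.
access-list IPS_TRAFFIC extended permit ip any any

! 2. Wrap the ACL in a class map.
class-map IPS_CLASS
 match access-list IPS_TRAFFIC

! 3. Attach the class to the policy map and choose the mode.
!    inline      : the module sits in the packet path, so a signature
!                  action can drop the traffic itself.
!    promiscuous : the ASA sends the module a copy of the traffic;
!                  use "ips promiscuous fail-open" instead of the
!                  line below to run in that mode.
!    fail-open   : traffic keeps flowing if the module is down;
!                  fail-close blocks matched traffic instead.
policy-map global_policy
 class IPS_CLASS
  ips inline fail-open

! 4. Apply the policy globally so that inside, dmz and outside
!    are all covered by the one class.
service-policy global_policy global
```

Because the policy is applied globally, outbound SSH sessions from an inside host pass through the same class as inbound traffic.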

Thanks Julio!