Enabling features found during penetration testing
I received this from the vendor doing penetration testing:
Port scanning is a process by which services such as web servers and mail servers are determined to exist or not exist. Intruders employ automated port scanning utilities that work fast to determine the existence of services on an Internet connection. Most firewalls have the ability to block such fast port scans as they occur, deceiving an attacker into believing that no ports or services are available on the targeted Internet connection. Since this information does not lead to any direct system compromise or theft of data, it receives a medium threat rating.
1. Consult the vendor or provider of your firewall or IDS/IPS product for details on how to set up port scan blocking.
I am running IPS 7.0 on my ASA5510 device. Is port blocking active by default on this or do I have to do something? (Sorry for the newbie question).
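The rate-based scan detection the vendor text describes can be sketched as a sliding-window count of distinct denied targets per source. This is an added example, not part of the original post and not Cisco's implementation; the log format, the threshold names `max_ports` and `window`, and the documentation-range addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical deny-log format, constructed for this example:
#   <ISO timestamp> DENY tcp <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(\S+) DENY tcp (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")

def detect_fast_scans(lines, max_ports=10, window=timedelta(seconds=5)):
    """Return {src_ip: time it first exceeded max_ports distinct
    (dst_ip, dst_port) targets inside the sliding window}."""
    recent = defaultdict(deque)      # src_ip -> deque of (time, target)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # skip lines in any other format
        ts = datetime.fromisoformat(m.group(1))
        src, target = m.group(2), (m.group(3), int(m.group(4)))
        q = recent[src]
        q.append((ts, target))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        if src not in flagged and len({t for _, t in q}) > max_ports:
            flagged[src] = ts
    return flagged

def build_sample():
    """Constructed sample log: three sources with different behaviour."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    def row(ts, src, sport, dport):
        stamp = ts.isoformat(timespec="milliseconds")
        return f"{stamp} DENY tcp {src}:{sport} -> 192.0.2.10:{dport}"
    lines = []
    for i in range(20):
        # 20 different ports inside two seconds
        lines.append(row(base + timedelta(milliseconds=100 * i),
                         "198.51.100.7", 40000 + i, 20 + i))
        # 20 different ports, one denied connection every 30 seconds
        lines.append(row(base + timedelta(seconds=30 * i),
                         "203.0.113.9", 50000 + i, 20 + i))
        # 20 rapid retries against a single port
        lines.append(row(base + timedelta(milliseconds=50 * i),
                         "192.0.2.77", 60000 + i, 25))
    return sorted(lines)             # fixed-width stamps sort by time

if __name__ == "__main__":
    for src, when in detect_fast_scans(build_sample()).items():
        print(f"fast scan from {src} flagged at {when.isoformat()}")
```

Only the first source crosses the threshold; the low-rate source and the single-port retries stay below it, which shows what a rate-and-breadth threshold does and does not cover.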
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...