Malicious Address lockout

My penetration vendor reported this result:

Exposure Description:

Firewalls typically provide the function of effectively blocking TCP/IP ports to and from an Internet connection. IDS/IPS inspects traffic looking for malicious activity. Most firewalls or IPS/IDS systems provide the ability to lock out malicious addresses. Malicious addresses are defined as remote machines attempting several known forms of attack, such as port scanning, DoS (Denial of service), and signature-based attacks. When such malicious activity is detected, it should be locked out immediately, effectively preventing further system compromise. Since this could potentially lead to system compromise, it receives a medium threat rating.

Solutions:

1. Consult the vendor or provider of your firewall or IDS/IPS product to ensure that such activity can be detected and blocked by your specific device.

I have the ASA5510 with the IPS module. Both have the latest in firmware and software. I believe they are already doing this, but can anyone confirm this unit does this?

Thanks,

Jim

  • Intrusion Prevention Systems/IDS
1 REPLY
Re: Malicious Address lockout

Jim

Your hardware certainly has the capability to perform the actions you describe, but both the ASA5510 and the AIP-SSM module need to be configured to specifically block (shun) hosts.
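As an added illustration (not part of the reply above, and not Cisco documentation), here is how a defender would confirm that "shun" is actually in effect on the ASA rather than assuming it from the hardware. The address 192.0.2.77 is a constructed documentation address; the `threat-detection` lines assume the installed ASA image is 8.0(2) or later, where that feature exists.

```text
! Added example, not from the original thread.
! The shun table is where any block of an attacker address lands on the ASA,
! whether it was entered by hand or requested by the AIP-SSM.

! 1. See what is blocked right now; an empty table on a unit that has been
!    scanned by the pentest vendor means nothing is being shunned.
ciscoasa# show shun
ciscoasa# show shun statistics

! 2. Exercise the mechanism once with a constructed address, confirm it
!    appears in the table, then clear it again.
ciscoasa# shun 192.0.2.77
ciscoasa# show shun 192.0.2.77
ciscoasa# no shun 192.0.2.77

! 3. (Assumption: ASA 8.0(2) or later.) Let the ASA itself shun hosts it
!    classifies as scanners, with the shun expiring after one hour.
ciscoasa# configure terminal
ciscoasa(config)# threat-detection scanning-threat shun
ciscoasa(config)# threat-detection scanning-threat shun duration 3600
ciscoasa(config)# exit
ciscoasa# show threat-detection shun
```

A manual shun only proves the ASA can block; for the IPS module to populate this table on its own, the relevant signatures must carry an event action that blocks (for example `request-block-host`) and the sensor's blocking configuration must be pointed at the ASA. Asking the vendor to re-run the scan and then checking `show shun` is the most direct way to verify the finding is closed.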
