Cisco ASA firewall: IP spoofing protection and basic IPS
The Cisco ASA 5500 series firewall appliance already provides a high level of security protection out of the box with its default settings. To raise that level further, a number of configuration changes can be made that enable additional security features. Two of these features are IP spoofing protection and basic intrusion prevention (IPS) support.

IP Spoofing Attack Protection
IP spoofing means altering the real source IP address of a packet in order to conceal its true origin. Protection against it requires that a packet received on a given interface (for example, inside) carry a source IP address that the firewall's routing table maps back to that same interface. Normally the firewall only looks at the destination address of a packet in order to forward it. When IP spoofing protection is enabled, the firewall also checks the source address of each packet. For example, if the inside interface is connected to the internal network 192.168.1.0/24, then any packet arriving on the inside interface must have a source address in 192.168.1.0/24; if it does not, the packet is dropped, because it is almost certainly spoofed.
This protection is implemented with Unicast Reverse Path Forwarding (Unicast RPF), which requires that, for any traffic passing through the security appliance, the appliance's routing table contain a route back to the packet's source address through the interface on which the packet arrived. One practical caveat before enabling it: on a firewall with asymmetric routing (traffic from a source arrives on one interface, but the route back to that source points out another), strict RPF will drop legitimate packets, so check the routing table for the interface first.
To enable IP spoofing protection on an interface, enter the following command in configuration mode:
CiscoASA5500(config)# ip verify reverse path interface INTERFACE_NAME
For example, to enable IP spoofing protection on the inside interface, use:
CiscoASA5500(config)# ip verify reverse path interface inside
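To make the reverse-path rule concrete, here is a small Python model of strict Unicast RPF. It is an added illustration, not code from the original page or from Cisco. It assumes a constructed routing table for a three-interface appliance (inside, dmz, outside) and, for each arriving packet, checks whether the longest-prefix-match route back to the source address exits through the interface the packet arrived on; like the ASA, it treats the default route as a valid return route. The second routing table shows the failure mode to check for before enabling the feature: with asymmetric routing, a legitimate packet is dropped.

```python
import ipaddress

# Constructed example routing table for a three-interface ASA, as the
# appliance's routing table would list it: (prefix, egress interface).
# 0.0.0.0/0 is the default route pointing out the outside interface.
ROUTES = [
    ("192.168.1.0/24", "inside"),
    ("10.10.0.0/16", "dmz"),
    ("0.0.0.0/0", "outside"),
]

# Constructed table with asymmetric routing: 172.16.0.0/16 is reached via a
# second uplink "isp2", but its packets may still arrive on "outside".
ASYMMETRIC_ROUTES = ROUTES + [("172.16.0.0/16", "isp2")]


def lookup_route(routes, addr):
    """Longest-prefix match: return the interface the appliance would use to
    reach addr, or None if no route (not even a default route) covers it."""
    ip = ipaddress.ip_address(addr)
    best_net, best_iface = None, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_iface = net, iface
    return best_iface


def urpf_check(routes, ingress_iface, src):
    """Strict unicast RPF: the packet passes only if the route back to its source
    address exits through the interface it arrived on. A source with no route
    at all also fails, because lookup_route returns None."""
    return lookup_route(routes, src) == ingress_iface


def filter_packets(routes, packets):
    """Apply the RPF check to (ingress_iface, src) pairs; return a verdict per packet."""
    return [(iface, src, "pass" if urpf_check(routes, iface, src) else "drop")
            for iface, src in packets]


if __name__ == "__main__":
    # Constructed sample packets: (ingress interface, source address).
    PACKETS = [
        ("inside", "192.168.1.5"),   # legitimate internal host
        ("inside", "8.8.8.8"),       # spoofed: public source on the inside interface
        ("outside", "192.168.1.5"),  # spoofed: internal source arriving from outside
        ("outside", "203.0.113.9"),  # legitimate Internet source, covered by default route
        ("dmz", "10.10.3.4"),        # legitimate DMZ host
    ]
    for iface, src, verdict in filter_packets(ROUTES, PACKETS):
        print(f"{iface:8} {src:15} {verdict}")
    # Asymmetric routing: a legitimate 172.16.0.0/16 host arriving on "outside"
    # is dropped because the route back to it points out "isp2".
    print(filter_packets(ASYMMETRIC_ROUTES, [("outside", "172.16.5.5")]))
```

Run it as a script to see the verdicts; the interesting line is the last one, where a non-spoofed packet is dropped purely because of the routing table, which is exactly the situation to rule out before typing `ip verify reverse path interface` on a multi-homed appliance.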
Basic IPS Protection
Although the ASA supports full IPS functionality through an additional hardware module (the AIP SSM), it also has basic IPS protection built in, which requires no additional hardware module. The built-in IPS function works from a list of signatures and configures the security appliance to take one or more actions on traffic that matches a signature. The command that implements this basic IPS function is called IP audit.
Two groups of signatures are built into the firewall software: informational signatures and attack signatures. You can define an IP audit policy for each group as follows.
For informational signatures:
CiscoASA5500(config)# ip audit name POLICY_NAME info [action [alarm] [drop] [reset]]
For attack signatures:
CiscoASA5500(config)# ip audit name POLICY_NAME attack [action [alarm] [drop] [reset]]
Keywords
The [alarm], [drop] and [reset] keywords specify the action(s) to take on a malicious packet that matches one of the signatures. alarm generates a system message indicating that a packet matched a signature, drop discards the packet, and reset discards the packet and closes the connection. Once you have defined an IP audit policy (an IPS policy) as shown above, apply it to a specific interface:
CiscoASA5500(config)# ip audit interface INTERFACE_NAME POLICY_NAME
A real example, which drops all traffic matching an attack signature on the outside interface:
CiscoASA5500(config)# ip audit name dropattacks attack action drop
CiscoASA5500(config)# ip audit interface outside dropattacks
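Because both features are applied per interface, it is easy to harden one interface and forget the others. The following Python checker is an added example, not code from the original page or from Cisco: it parses a constructed running-config excerpt (the interface names, policy names and actions are made up for the example) and reports, for every named interface, whether `ip verify reverse path` is enabled and whether an info and an attack IP audit policy are applied. It assumes, as an approximation of the command's behaviour, that a policy defined without an explicit action defaults to alarm; verify that against the command reference for your software version.

```python
import re

# Constructed running-config excerpt (not from a real device): three nameif'd
# interfaces, RPF only on "inside", IP audit policies only on "outside".
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
ip verify reverse path interface inside
ip audit name dropattacks attack action alarm drop
ip audit name infoalarm info action alarm
ip audit interface outside dropattacks
ip audit interface outside infoalarm
"""

NAMEIF_RE = re.compile(r"^\s+nameif\s+(\S+)", re.M)
RPF_RE = re.compile(r"^ip verify reverse path interface (\S+)", re.M)
AUDIT_NAME_RE = re.compile(
    r"^ip audit name (\S+) (info|attack)(?: action((?: (?:alarm|drop|reset))+))?", re.M)
AUDIT_IFACE_RE = re.compile(r"^ip audit interface (\S+) (\S+)", re.M)


def parse_config(text):
    """Extract interface names, RPF-enabled interfaces, IP audit policies
    (name -> (group, actions)) and the policies applied per interface."""
    interfaces = NAMEIF_RE.findall(text)
    rpf_enabled = set(RPF_RE.findall(text))
    policies = {}
    for name, group, actions in AUDIT_NAME_RE.findall(text):
        # Assumption (see lead-in): no explicit action means the policy only alarms.
        policies[name] = (group, actions.split() if actions else ["alarm"])
    applied = {}
    for iface, policy in AUDIT_IFACE_RE.findall(text):
        applied.setdefault(iface, []).append(policy)
    return interfaces, rpf_enabled, policies, applied


def audit(text):
    """Return {interface: [missing hardening items]}; an empty list means both
    IP spoofing protection and info+attack IPS policies are in place."""
    interfaces, rpf_enabled, policies, applied = parse_config(text)
    findings = {}
    for iface in interfaces:
        missing = []
        if iface not in rpf_enabled:
            missing.append("no ip verify reverse path")
        groups = {policies[p][0] for p in applied.get(iface, []) if p in policies}
        for group in ("info", "attack"):
            if group not in groups:
                missing.append(f"no {group} ip audit policy")
        findings[iface] = missing
    return findings


def alarm_only_policies(text):
    """Policies whose only action is alarm: they log matches but never block."""
    _, _, policies, _ = parse_config(text)
    return sorted(name for name, (_, actions) in policies.items() if actions == ["alarm"])


if __name__ == "__main__":
    for iface, missing in audit(SAMPLE_CONFIG).items():
        print(f"{iface:8} {'OK' if not missing else ', '.join(missing)}")
    print("alarm-only policies:", alarm_only_policies(SAMPLE_CONFIG))
```

Feed it the output of `show running-config` from a real appliance (the regexes only look at `nameif`, `ip verify reverse path` and `ip audit` lines) to get a per-interface list of what is still missing, plus the policies that only generate alarms and so detect without blocking.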