
Topic: Configuring IPS Protection and IP Spoofing on Cisco ASA 5500 Firewalls

  1. #1
    Super Moderator patris_70
    Join date: Jan 1970

    Configuring IPS Protection and IP Spoofing on Cisco ASA 5500 Firewalls


    The Cisco ASA firewall appliance provides great security protection out-of-the box with its default configuration. However, to increase the security protection even further, there are several configuration enhancements that can be used to implement additional security features. Two of these features are IP Spoofing protection and basic Intrusion Prevention (IPS) support.
    IP Spoofing Protection
    IP spoofing attacks are those that change the actual source IP address of packets to obscure their true origin. This means that packets arriving at a particular interface (e.g. inside) must have a valid source IP address that matches the correct source interface according to the firewall routing table. Normally the firewall only looks at the destination address of a packet in order to forward it accordingly. If you enable the IP Spoofing mechanism, the firewall also checks the source address of the packets.
    If for example our inside interface connects to the internal network, this means that packets arriving at the inside firewall interface must have a source address in the range, otherwise they will be dropped (if IP Spoofing is configured).
    The IP Spoofing feature uses the Unicast Reverse Path Forwarding (Unicast RPF) mechanism, which dictates that for any traffic that you want to allow through the security appliance, the security appliance routing table must include a route back to the source address.
    To enable IP Spoofing protection, enter the following command:
    CiscoASA5500(config)# ip verify reverse-path interface interface_name
    For example, to enable IP spoofing on the inside interface, use the following command:
    CiscoASA5500(config)# ip verify reverse-path interface inside
    Basic IPS Protection
    Although the ASA Firewall supports full IPS functionality with an extra IPS hardware module (AIP-SSM), it also supports basic IPS protection which is built-in by default without using an extra hardware module. The built-in IPS feature supports a basic list of signatures and you can configure the security appliance to perform one or more actions on traffic that matches a signature. The command that implements the basic IPS feature is called "ip audit".
    There are two signature groups embedded in the firewall software: "Informational" and "Attack" signatures. You can define an IP audit policy for each signature group as follows:
    For informational signatures:
    CiscoASA5500(config)# ip audit name name info [action [alarm] [drop] [reset]]
    For attack signatures:
    CiscoASA5500(config)# ip audit name name attack [action [alarm] [drop] [reset]]
    The keywords [alarm], [drop], [reset] define the actions to perform on a malicious packet that matches one of the signatures. [alarm] generates a system message showing that a packet matched a signature, [drop] drops the packet, and [reset] drops the packet and closes the connection.
    After defining an IP audit policy (IPS policy) as shown above, we need to attach the policy to a specific interface:
    CiscoASA5500(config)# ip audit interface interface_name policy_name
    Let’s see an actual example:
    CiscoASA5500(config)# ip audit name dropattacks attack action drop
    CiscoASA5500(config)# ip audit interface outside dropattacks

    Ask your question inside the forum so that others who have the same problem, or run into it in the future, can benefit. Private messages are not for answering questions.
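To make the reverse-path check described in the post concrete, here is an added example (not the post's own text and not Cisco ASA code) that models the decision the appliance makes once `ip verify reverse-path interface` is enabled: the packet's source address is looked up in the routing table with a longest-prefix match, and the packet is dropped unless the route back to that source leaves through the interface the packet arrived on. The routing table, the set of uRPF-enabled interfaces, and the sample packets are all constructed for the illustration; the function names are hypothetical.

```python
"""Simulate the Cisco ASA "ip verify reverse-path" (unicast RPF) decision.

Added example, not ASA code: a hypothetical model of the check described in
the post. For each packet arriving on an interface where the check is enabled,
the packet's *source* address is looked up in the routing table (longest
prefix match). If the best route does not point back out of the ingress
interface, or no route exists at all, the packet fails the reverse-path check
and is dropped. The routing table and packets below are constructed values.
"""
import ipaddress

# Constructed routing table: (prefix, interface through which the prefix is reached).
ROUTING_TABLE = [
    ("0.0.0.0/0", "outside"),        # default route via the Internet-facing side
    ("192.168.1.0/24", "inside"),    # internal LAN
    ("10.10.0.0/16", "dmz"),         # DMZ segment
]

# Interfaces on which "ip verify reverse-path interface <name>" has been entered.
URPF_ENABLED = {"inside", "dmz"}


def lookup_route(address, table=ROUTING_TABLE):
    """Longest-prefix lookup of `address`; returns the egress interface or None."""
    addr = ipaddress.ip_address(address)
    best_len, best_iface = -1, None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface


def reverse_path_check(src_ip, ingress_iface, table=ROUTING_TABLE, enabled=URPF_ENABLED):
    """Return "forward" or "drop" for a packet with source src_ip entering ingress_iface."""
    if ingress_iface not in enabled:
        # Check not enabled on this interface: only the destination is consulted.
        return "forward"
    # The route back to the source must leave via the interface the packet came in on.
    return "forward" if lookup_route(src_ip, table) == ingress_iface else "drop"


def audit_packets(packets, table=ROUTING_TABLE, enabled=URPF_ENABLED):
    """Evaluate (src_ip, ingress_iface) tuples; return (src, iface, decision) triples."""
    return [(src, iface, reverse_path_check(src, iface, table, enabled))
            for src, iface in packets]


# Constructed sample traffic as seen at the firewall's ingress interfaces.
SAMPLE_PACKETS = [
    ("192.168.1.50", "inside"),   # legitimate LAN host
    ("8.8.8.8", "inside"),        # Internet address claimed from the LAN: spoofed
    ("10.10.5.5", "inside"),      # DMZ address arriving on inside: spoofed
    ("203.0.113.9", "outside"),   # outside has no uRPF configured in this model
]

if __name__ == "__main__":
    for src, iface, decision in audit_packets(SAMPLE_PACKETS):
        print(f"{src:>15} on {iface:<8} -> {decision}")
```

The model treats the default route like any other route, which is what the post's wording implies (a route back to the source must exist and point out the ingress interface); when no route matches at all, `lookup_route` returns `None` and the packet is dropped. How the real appliance handles default routes and NAT in this check should be confirmed against the ASA documentation for the software version in use.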
