topic Re: IPS capabilities of the 5510 in Network Security

IPS capabilities of the 5510

w951duu — Mon, 11 Mar 2019 19:25:02 GMT

What if any IPS capabilities does the 5510 have

out of the box. I know whe can set a limit on embryonic connections

if we upgrade the memory and run 8.3, right? Is an accurate statement.

What if anything can be done to protect against DDOS attacks on the stock 5510?

Thanks much!

Panos Kampanakis — Mon, 20 Dec 2010 22:41:31 GMT

As you said you can enable connection limiting and SYN cookies. You can do it in 7.2, 8.0, 8.2 and 8.3.

Also 8.x has the "threat-detection" feature that can block based on suspicious activity.

I want to also mention the Botnet filtering as also another feature that blocks bots.

note that a 5510 can also take an AIP-SSM module that is an IPS that works in the ASA.

I hope it helps.

fadlouni — Mon, 20 Dec 2010 22:45:57 GMT

Hi.

Here is an article about asa and DOS attacks:

you can also add an aip-ssm module (intrustion prevention card) to do signature based intrusion detection/prevention. for more info:

I hope this helps and answer your questions.

Regards,

Fadi.

w951duu — Mon, 20 Dec 2010 22:49:06 GMT

Yes it helps very much, but could you elaborate on the threat detection feature in 8.3? What types of threats will it detect.

Also we need a minimum of 1gb of ram to run 8.3 on a 5510 correct?

Panos Kampanakis — Mon, 20 Dec 2010 23:59:36 GMT

Yes, you need memory for 8.3.

Threat detection runs on 8.0 and 8.2 also though. It can block based on multiple limits. It can block scanning attacks, dos, connection limits etc. Here is the guide that explains it http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html

Let us know if it answers your question.