What, if any, IPS capabilities does the 5510 have
out of the box? I know we can set a limit on embryonic connections
if we upgrade the memory and run 8.3, right? Is that an accurate statement?
What if anything can be done to protect against DDOS attacks on the stock 5510?
As you said you can enable connection limiting and SYN cookies. You can do it in 7.2, 8.0, 8.2 and 8.3.
Also 8.x has the "threat-detection" feature that can block based on suspicious activity.
I also want to mention Botnet filtering as another feature that blocks bots.
Note that a 5510 can also take an AIP-SSM module, which is an IPS that works in the ASA.
I hope it helps.
Yes, it helps very much, but could you elaborate on the threat detection feature in 8.3? What types of threats will it detect?
Also, we need a minimum of 1 GB of RAM to run 8.3 on a 5510, correct?
Yes, you need memory for 8.3.
Threat detection runs on 8.0 and 8.2 also, though. It can block based on multiple limits. It can block scanning attacks, DoS, connection limits, etc. Here is the guide that explains it: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html
Let us know if it answers your question.
Here is an article about ASA and DoS attacks:
You can also add an AIP-SSM module (intrusion prevention card) to do signature-based intrusion detection/prevention. For more info:
I hope this helps and answers your questions.
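
The connection limits and threat detection mentioned in this thread, shown as an ASA 8.x configuration sketch. This is an added example, not something posted by any participant; the interface name `outside`, the object names, the addresses and every limit value are constructed placeholders to be sized against real traffic.

```cisco
! Constructed example: names, addresses and limits are placeholders.
! Traffic to protect: a web server reachable through the outside interface.
! On 8.3 and later, use the server's real (untranslated) address here.
access-list DMZ-WEB extended permit tcp any host 192.0.2.10 eq www
!
class-map CONN-LIMIT
 match access-list DMZ-WEB
!
policy-map OUTSIDE-POLICY
 class CONN-LIMIT
  ! Once the embryonic (half-open) limit is exceeded, the ASA answers new
  ! SYNs itself using SYN cookies (TCP Intercept) instead of forwarding
  ! them to the server.
  set connection conn-max 2000 embryonic-conn-max 500
  ! Per-client limits keep a single source from using up the totals above.
  set connection per-client-max 100 per-client-embryonic-max 20
!
service-policy OUTSIDE-POLICY interface outside
!
! Basic threat detection: drop-rate monitoring with syslog alerts.
threat-detection basic-threat
! Scanning threat detection with automatic shun of detected scanners.
! Exempt trusted ranges so internal scanners and monitoring hosts
! are not shunned.
threat-detection scanning-threat shun except ip-address 10.0.0.0 255.0.0.0
! Per-host/port/protocol statistics; uses additional memory and CPU.
threat-detection statistics
```

`show threat-detection rate`, `show threat-detection shun` and `show service-policy` report what these features are counting and dropping.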