cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1006
Views
0
Helpful
1
Replies

Automatic Shutdown ASA5520 on CRITICAL event

Hi guys,

I've had a strange question from my boss about security on a Cisco ASA 5520. I've just started to study for the CCNA security, so I would not give a wrong answer caused by my inexperience.

The question is: Is it possible to automatically shutdown the OUTSIDE interface on a Cisco ASA 5520 in case of intrusion?.

In my opinion if there is an attempt of intrusion, just the device woud stop it. If it cannot detect it, how can the device recognize the event and so shutdown the interface?. Am I correct?

Thanks,

Dario

1 Accepted Solution

Accepted Solutions

Maykol Rojas
Cisco Employee
Cisco Employee

Dario,

Well, shut down the interface? Nope, however, there are many ways on which in case of an intrusion, another device can detect the traffic and shun (block the host). That can be accomplish using an IPS device in conjuction with the host block capability.

If by intrusion you mean, insertion of code or something that goes more like on a Payload perspective, there are some features that can be enable on the ASA itself to block the request (reset the connection). With an IPS, you have a lot of signatures that are meant to detect an intrusion on the network and a signal to block the host/connection is sent to a blocking device (in this case the ASA).

There is just so  many things, but nothing like shut down the interface.

Mike

Mike

View solution in original post

1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

Dario,

Well, shut down the interface? Nope, however, there are many ways on which in case of an intrusion, another device can detect the traffic and shun (block the host). That can be accomplish using an IPS device in conjuction with the host block capability.

If by intrusion you mean, insertion of code or something that goes more like on a Payload perspective, there are some features that can be enable on the ASA itself to block the request (reset the connection). With an IPS, you have a lot of signatures that are meant to detect an intrusion on the network and a signal to block the host/connection is sent to a blocking device (in this case the ASA).

There is just so  many things, but nothing like shut down the interface.

Mike

Mike
Review Cisco Networking for a $25 gift card