12-20-2010 10:12 AM - edited 03-11-2019 12:25 PM
What, if any, IPS capabilities does the 5510 have out of the box? I know we can set a limit on embryonic connections if we upgrade the memory and run 8.3, right? Is that an accurate statement?
What, if anything, can be done to protect against DDoS attacks on the stock 5510?
Thanks much!
12-20-2010 02:41 PM
As you said, you can enable connection limiting and SYN cookies. You can do it in 7.2, 8.0, 8.2 and 8.3.
Also, 8.x has the "threat-detection" feature that can block based on suspicious activity.
I also want to mention Botnet filtering as another feature that blocks bots.
Note that a 5510 can also take an AIP-SSM module, which is an IPS that works in the ASA.
I hope it helps.
PK
12-20-2010 02:49 PM
Yes, it helps very much, but could you elaborate on the threat detection feature in 8.3? What types of threats will it detect?
Also, we need a minimum of 1 GB of RAM to run 8.3 on a 5510, correct?
12-20-2010 03:59 PM
Yes, you need memory for 8.3.
Threat detection runs on 8.0 and 8.2 also, though. It can block based on multiple limits. It can block scanning attacks, DoS, connection limits, etc. Here is the guide that explains it: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html
Let us know if it answers your question.
PK
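The connection limits and threat detection mentioned in the replies above, as an added ASA configuration example that is not part of the original posts or of the linked Cisco guide. The names PROTECT-WEB, CONN-LIMIT and OUTSIDE-POLICY, the server address 192.0.2.10, the interface name `outside` and every numeric limit are assumptions; the limits should be set from the site's own traffic baseline.

```cisco
! Added example, not from the thread. All names, addresses and limits
! below are constructed placeholders.

! Traffic to protect: inbound HTTP to one published server (assumed address).
access-list PROTECT-WEB extended permit tcp any host 192.0.2.10 eq www

class-map CONN-LIMIT
 match access-list PROTECT-WEB

policy-map OUTSIDE-POLICY
 class CONN-LIMIT
  ! Total and embryonic (half-open) connection caps for the class.
  ! Once embryonic-conn-max is exceeded, the ASA answers new SYNs itself
  ! with SYN cookies (TCP Intercept) instead of passing them to the server.
  set connection conn-max 5000 embryonic-conn-max 1000
  ! Per-source caps so a single client cannot use up the class-wide limits.
  set connection per-client-max 100 per-client-embryonic-max 50
  ! Drop half-open connections that do not complete the handshake quickly.
  set connection timeout embryonic 0:00:20

service-policy OUTSIDE-POLICY interface outside

! Threat detection (8.0 and later).
! basic-threat logs when drop rates (ACL drops, SYN attack, scanning and
! so on) exceed their thresholds; it does not block by itself.
threat-detection basic-threat
! scanning-threat tracks hosts that scan; "shun" drops traffic from them.
threat-detection scanning-threat shun

! Verification from the CLI:
!  show service-policy interface outside
!  show threat-detection rate
!  show threat-detection shun
```

The per-client limits count by source address, so clients that share one NAT or proxy address are counted as a single client and need a higher per-client value.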
12-20-2010 02:45 PM
Hi.
Here is an article about ASA and DoS attacks:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml
You can also add an AIP-SSM module (intrusion prevention card) to do signature-based intrusion detection/prevention. For more info:
http://www.cisco.com/en/US/products/ps6825/index.html
I hope this helps and answers your questions.
Regards,
Fadi.