preventing ddos and dos attacks from asa

mirehteshamali
Level 1

Hi,

Please help me with the following:

1) I have an application server on a DMZ and I want to implement DDoS/DoS attack prevention on the ASA. What are the best practices in order to accomplish this?

2) What is the difference between the CSC and IPS modules? Can I add both of them in a 5510 or 5520 chassis?

Thanks

2 Accepted Solutions

sean_evershed
Level 7

Hi,

For DDoS/DoS attacks, see below a reference for configuring threat detection:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.html

If you want to provide protection against spam, spyware, viruses, phishing, etc. that enter your network via email, HTTP, or FTP traffic, then you would use a CSC module. See the link below:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html

See below a Q&A for the product:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_qas0900aecd8040397e.html

An IPS module provides protection by blocking threats such as distributed denial of service attacks, reconnaissance attacks, and attacks against operating system and application vulnerabilities. See below:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/data_sheet_c78-459036_ps6120_Products_Data_Sheet.html

See below a Q&A for the product:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/qa_c67-458612_ps6120_Products_Q_and_A_Item.html

The 5510 and 5520 only have one expansion slot for security services modules, so you can install only one of these devices.

Please remember to rate all posts that are helpful.


Maykol Rojas
Cisco Employee

Hey,

1) I have an application server on a DMZ and I want to implement DDoS/DoS attack prevention on the ASA. What are the best practices in order to accomplish this?

If the DoS and DDoS come over TCP, like a TCP SYN flood attack, you can go ahead and use the Modular Policy Framework to limit the number of embryonic connections; also you can use an IPS module, like Sean told you, or even threat detection.

2) What is the difference between the CSC and IPS modules? Can I add both of them in a 5510 or 5520 chassis?

What the Cisco CSC module does is filter requests based on FTP, HTTP and SMTP; it cares about the size of the packet in terms of FTP and SMTP, and on HTTP it does URL blocking and URL filtering, among many other things.

The IPS module has built-in signatures that describe certain types of attacks; if a behavior on the network happens to match a signature, you can apply actions such as dropping the packet, blocking the host, etc. Very useful in order to mitigate DoS attacks.

Both modules can be applied to each of the firewalls; however, you can only have one per firewall. The SSM-10 works for the ASA 5510 and 5520; the ASA SSM-20 works for the ASA 5520.

Hope this answers your questions. I'm pasting some links below if you want documentation.

Preventing Network Attacks with ASA

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/protect.html

IPS module

http://www.cisco.com/en/US/products/ps8395/index.html

CSC module

http://www.cisco.com/en/US/products/ps6823/index.html

Hope it helps

Mike
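The two accepted answers above point at the same pair of ASA features without showing the configuration: an MPF connection policy that caps embryonic (half-open) TCP connections for the DMZ server, and threat detection. The block below is an added example, not configuration posted by either answerer, written against the ASA 8.x CLI that the linked guides cover. The server address 192.0.2.10, the interface name `outside`, the object and policy names, and all numeric limits are constructed placeholders to be sized for the real server.

```cisco
! Added example (not from the thread). Placeholders: 192.0.2.10, interface "outside", all limits.
!
! 1. Identify traffic destined for the DMZ application server.
access-list DMZ_WEB_SERVER extended permit tcp any host 192.0.2.10 eq www
!
class-map DMZ_WEB_SERVER_CLASS
 match access-list DMZ_WEB_SERVER
!
! 2. MPF connection limits. embryonic-conn-max caps half-open connections to the
!    server; once it is reached the ASA completes the three-way handshake on the
!    server's behalf (TCP intercept) and only forwards sessions that finish it.
!    The per-client limits stop a single source from consuming the whole budget,
!    and the short embryonic timeout releases half-open slots quickly.
policy-map DMZ_SERVER_POLICY
 class DMZ_WEB_SERVER_CLASS
  set connection conn-max 10000 embryonic-conn-max 1000
  set connection per-client-max 200 per-client-embryonic-max 20
  set connection timeout embryonic 0:00:30
!
! 3. Apply the policy on the interface where the untrusted traffic arrives.
service-policy DMZ_SERVER_POLICY interface outside
!
! 4. Threat detection. basic-threat (on by default) logs rate-based events such as
!    SYN attacks; scanning-threat with shun automatically blocks hosts the ASA
!    classifies as scanners. Exempt management and partner ranges so an
!    automated shun cannot lock out trusted sources.
threat-detection basic-threat
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection scanning-threat shun except ip-address 10.0.0.0 255.0.0.0
threat-detection scanning-threat shun duration 3600
threat-detection statistics tcp-intercept
```

To confirm the policy is attached and counting, use `show service-policy interface outside`; `show threat-detection statistics top tcp-intercept` lists the servers currently under intercept, and `show threat-detection shun` lists hosts that scanning-threat has blocked. The `except` range in step 4 is the one line worth thinking hardest about: an automatic shun with no exemptions is itself a denial-of-service path if a trusted monitoring host trips the scanner heuristics.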
