Strict TCP Enforcement in Sourcefire

02-28-2017 10:43 AM - edited 03-10-2019 06:47 AM
Hi Cisco Support Community team,
As a scenario, I am currently assuming the Sourcefire NIPS is working in blocking mode (the 'Drop when Inline' option is enabled in the 'Intrusion Policy').
Can you please let me know whether the 'Strict TCP Enforcement' feature in Sourcefire NIPS can be implemented (yes or no), along with its pros and cons?
Please also let me know your recommendation: is it worth implementing Strict TCP Enforcement on the Sourcefire NIPS, on the Cisco ASA firewall, or at a DDoS vendor, given that these days volumetric attacks come from attackers on the Internet?
Reference URL: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/user-guide/FireSIGHT-System-UserGuide-v5401/IPS-Devices.html
Strict TCP Enforcement
------------------------------------
To maximize TCP security, you can enable strict enforcement, which "Blocks Connections where the Three-Way Handshake was not completed". Strict enforcement also blocks:
- non-SYN TCP packets for connections where the three-way handshake was not completed
- non-SYN/RST packets from the initiator on a TCP connection before the responder sends the SYN-ACK
- non-SYN-ACK/RST packets from the responder on a TCP connection after the SYN but before the session is established
- SYN packets on an established TCP connection from either the initiator or the responder
Regards
Chidambara
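
The four blocking rules quoted from the user guide above can be read as a small per-connection state machine. The following is an added example, not part of the original post and not Sourcefire or Snort code: the `Pkt` type, the state names and the sample traffic are assumptions, and the model tracks flags only (no sequence-number validation, timeouts or FIN handling).

```python
# Added example, not Sourcefire/Snort code; Pkt and state names are assumptions.
from collections import namedtuple
Pkt = namedtuple("Pkt", "src dst flags")   # flags: set such as {"SYN", "ACK"}

class StrictTcp:
    def __init__(self):
        self.conns = {}                        # endpoint pair -> [initiator, state]

    def check(self, p):
        """Return (verdict, reason) for one packet and update state."""
        key = frozenset((p.src, p.dst))
        syn, ack, rst = "SYN" in p.flags, "ACK" in p.flags, "RST" in p.flags
        conn = self.conns.get(key)
        if conn is None:                       # no handshake seen yet
            if syn and not ack and not rst:
                self.conns[key] = [p.src, "SYN_SEEN"]
                return "pass", "handshake started"
            return "block", "non-SYN packet without handshake"
        initiator, state = conn
        if state == "ESTABLISHED":
            if syn:
                return "block", "SYN on established connection"
            if rst:
                del self.conns[key]            # teardown, forget the flow
            return "pass", "established"
        if rst:                                # RST is allowed mid-handshake
            del self.conns[key]
            return "pass", "reset during handshake"
        if p.src == initiator:
            if syn and not ack:
                return "pass", "SYN retransmit"
            if state == "SYNACK_SEEN" and ack and not syn:
                conn[1] = "ESTABLISHED"
                return "pass", "handshake completed"
            return "block", "unexpected initiator packet during handshake"
        if syn and ack:                        # responder may only SYN-ACK
            conn[1] = "SYNACK_SEEN"
            return "pass", "SYN-ACK"
        return "block", "responder non-SYN-ACK/RST before established"

def run(packets):
    fw = StrictTcp()
    return [fw.check(p) for p in packets]

# Constructed sample traffic (documentation address ranges).
C, S = "192.0.2.10:40000", "198.51.100.5:443"
SAMPLE = [Pkt(C, S, {"ACK"}), Pkt(C, S, {"SYN"}), Pkt(C, S, {"PSH", "ACK"}),
          Pkt(S, C, {"ACK"}), Pkt(S, C, {"SYN", "ACK"}), Pkt(C, S, {"ACK"}),
          Pkt(C, S, {"SYN"}), Pkt(S, C, {"PSH", "ACK"})]
```

`run(SAMPLE)` returns one `(verdict, reason)` pair per packet, so each blocked packet can be matched to the rule in the quoted list that it violates.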
