
Testing IPS modules on ASA 5505

Christopher Clark
Community Member

How do you all test the IPS traffic on the AIP-SSC5 in a 5505? Since the default signatures are retired and you can't unretire them, one cannot enable the signatures 2000-2012 on the 5505.

Accepted Solutions

Look at the web-signatures. There are a couple of them that shouldn't be retired. For example attacks like directory-traversal or access of cmd.exe. These can be easily tested in a browser or with a vulnerability scanner like Nessus.

--
If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.


2 Replies

Saurav Lodh
Level 11

Differences Between the Modules

The IPS module for the ASA 5510 and higher supports higher performance requirements, while the IPS module for the ASA 5505 is designed for a small office installation. The following features are supported for the ASA 5510 and higher, and not for the ASA 5505:

Virtual sensors

Anomaly detection

Unretirement of default retired signatures
