Cisco ASA Series 7: Scanning Threat Detection

Cisco ASA Series 7: Scanning Threat Detection 

The Cisco ASA security appliance combines a firewall, antivirus software, intrusion detection, and a virtual private network (VPN). It enables proactive threat defense, stopping assaults from spreading over the network.

Cisco ASA Series 7: Scanning Threat Detection
Fig 1.1- Scanning Threat Detection 

⭐Check out the basic Threat Detection discussion in our first part
Cisco ASA Series 5: Configuring Threat Detection
Cisco ASA Series 6: Configuring Threat Detection-Advanced

⭐ Cisco ASA's Scanning Threat Detection 🔐

The only one that can actively prevent (shun) attackers attempting to scan the network covered by the ASA is Scanning Threat Detection. In contrast to IPS scan detection, which is based on traffic signatures, the ASA scanning threat detection capability keeps a large database of host information that may be analyzed for scanning activities. If the scanning threat rate is exceeded, the ASA emits a syslog message (733101) and, if appropriate, shuns the attacker. If a shun is set, the ASA transmits syslog message 733102 to inform that an attacker has been banned.

The Scanning Threat Detection capability has the potential to significantly impair ASA performance. Scanning threat detection affects just traffic permitted to flow through the ASA. The Scanning Threat method does not identify traffic that is disallowed by an ACL. 

⭐ CLI Command configuration 📜

Use the command "threat-detection scanning-threat" to configure Scanning Threat Detection. Here is the example as shown below 

NDNA_CiscoASA(config)# threat-detection scanning-threat { shun [duration|except] }
NDNA_CiscoASA(config)# threat-detection scanning-threat shun duration 3600
NDNA_CiscoASA(config)# threat-detection scanning-threat shun except ip-address
NDNA_CiscoASA(config)# threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20

Status Checks

NDNA_CiscoASA(config)#show threat-detection shun
NDNA_CiscoASA(config)#clear threat-detection shun
NDNA_CiscoASA(config)#show threat-detection scanning-threat attacker

Continue Reading...

More on Cisco ASA...

No comments