Cisco PIX 525 Specifications, Page 309

Cisco Security Appliance Command Line Configuration Guide, OL-6721-01
Chapter 19: Intercepting and Responding to Network Attacks
This chapter describes how to configure protection features to intercept and respond to network attacks.
These features include sending traffic to an AIP SSM, limiting TCP and UDP connections, configuring
TCP normalization, and many other protection features.
This chapter includes the following sections:
Configuring IP Audit for Basic IPS Support
Configuring TCP Normalization
Protecting Your Network Against Specific Attacks
Configuring IP Audit for Basic IPS Support
The IP audit feature provides basic IPS support for a security appliance. It supports a basic list of
signatures, and you can configure the security appliance to perform one or more actions on traffic that
matches a signature.
To enable IP audit, perform the following steps:
Step 1 To define an IP audit policy for informational signatures, enter the following command:
hostname(config)# ip audit name name info [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the
packet, and reset drops the packet and closes the connection. If you do not define an action, then the
default action is to generate an alarm.
Step 2 To define an IP audit policy for attack signatures, enter the following command:
hostname(config)# ip audit name name attack [action [alarm] [drop] [reset]]
Where alarm generates a system message showing that a packet matched a signature, drop drops the
packet, and reset drops the packet and closes the connection. If you do not define an action, then the
default action is to generate an alarm.
Step 3 To assign the policy to an interface, enter the following command:
ip audit interface interface_name policy_name
Step 4 To disable signatures, or for more information about signatures, see the ip audit signature command in
the Cisco Security Appliance Command Reference.
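The steps above can be checked on a saved configuration. The following Python script is an added example, not part of the Cisco guide: it parses the two command forms shown in Steps 1 to 3, applies the default action (alarm) where none is defined, and reports interfaces bound to undefined policies or to attack policies that only generate alarms. The policy and interface names in the sample are constructed, and treating alarm-only attack policies as a finding is this example's assumption, not a recommendation from the guide.

```python
import re

# Constructed sample configuration (not from the guide); policy and
# interface names are made up for illustration.
SAMPLE_CONFIG = """\
ip audit name out-attack attack action alarm drop
ip audit name out-info info
ip audit name in-attack attack
ip audit interface outside out-attack
ip audit interface outside out-info
ip audit interface inside in-attack
ip audit interface dmz dmz-attack
"""

NAME_RE = re.compile(
    r"^ip audit name (\S+) (info|attack)(?: action((?: (?:alarm|drop|reset))*))?\s*$")
IFACE_RE = re.compile(r"^ip audit interface (\S+) (\S+)\s*$")


def parse_ip_audit(config):
    """Return (policies, bindings) parsed from configuration text."""
    policies, bindings = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = NAME_RE.match(line)
        if m:
            name, sig_class, actions = m.groups()
            # With no action defined, the default action is alarm.
            acts = set(actions.split()) if actions and actions.strip() else {"alarm"}
            policies[name] = (sig_class, acts)
            continue
        m = IFACE_RE.match(line)
        if m:
            bindings.append(m.groups())
    return policies, bindings


def review(config):
    """List findings: undefined policies and alarm-only attack policies."""
    policies, bindings = parse_ip_audit(config)
    findings = []
    for iface, pol in bindings:
        if pol not in policies:
            findings.append(f"{iface}: policy {pol} is assigned but not defined")
            continue
        sig_class, acts = policies[pol]
        if sig_class == "attack" and not acts & {"drop", "reset"}:
            findings.append(f"{iface}: attack policy {pol} only alarms")
    return findings
```

Calling `review(SAMPLE_CONFIG)` returns one line per finding; an empty list means every bound policy is defined and every attack policy drops or resets matching traffic.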