© 2005 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
secure connectivity strategies, these security appliances converge a wide range of security and VPN technologies to provide rich application security,
anti-x defenses, network containment and control, and secure connectivity.
APPLICATION SECURITY
The Cisco ASA 5500 Series provides strong application layer security through 30 intelligent, application-aware inspection engines that examine
network flows at Layers 2–7. To defend networks from application layer attacks and give businesses control over use of applications and protocols
in their environments, these inspection engines incorporate extensive application and protocol knowledge and employ security enforcement
technologies that include application and protocol command filtering, protocol anomaly detection, and application and protocol state tracking. As
another layer of application inspection and control, these inspection engines also incorporate attack detection and mitigation techniques such as
buffer overflow defenses, content filtering and verification, and URL deobfuscation services. Inspection engines are available for a wide range of
popular applications and protocols, including Web, file transfer, e-mail, voice and multimedia, database, operating system, and third-generation (3G)
Mobile Wireless services. These inspection engines also give businesses control over threats such as instant messaging, peer-to-peer file sharing, and
other tunneling applications, allowing businesses to enforce usage policies and protect network bandwidth for legitimate business applications.
ANTI-X DEFENSES
The Cisco ASA 5500 Series provides advanced, high-performance protection against network and application layer attacks, denial-of-service (DoS)
attacks, and malware, including worms, network viruses, Trojan horses, spyware, and adware. Effective anti-x defense requires broad attack detection
coupled with advanced analysis techniques, resulting in highly accurate threat classification that helps ensure appropriate mitigation actions are taken
with no impact on legitimate network traffic.
Advanced Detection Techniques
To help ensure that threats do not go unnoticed, the Cisco ASA 5500 Series offers numerous methods to identify policy violations, anomalous
activity, and vulnerability exploitation. They include stateful pattern recognition for stopping attacks hidden inside a data stream; protocol analysis
to validate network traffic; traffic anomaly detection to identify attacks that cover multiple sessions and connections; protocol anomaly detection to
identify attacks based on observed deviations in the normal RFC behavior of a protocol or service; and Layer 2 analysis to detect man-in-the-middle
attacks. Specialized safeguards “scrub” network traffic to prevent “detection evasion” attempts; these safeguards include IP fragmentation reassembly
and normalization, TCP stream reassembly and normalization, TCP evasion control, IP antispoofing, and deobfuscation.
Combined with the extensive detection techniques are two innovative analysis and correlation technologies from Cisco Systems® that help enable
accurate mitigation of the detected threats: Risk Rating and the Meta Event Generator.
Risk Rating
The Cisco ASA 5500 Series uses the innovative Cisco Risk Rating technology to help ensure that malicious attacks are stopped without impacting
legitimate traffic. Going beyond the typical single-factor methods in determining threat risk, Cisco Risk Rating incorporates four measures to
accurately determine the risk of an event:
• Event severity—Rating indicating the relative impact of the threat
• Signature fidelity—Rating indicating the accuracy of the signature
• Asset value—Customizable value indicating the importance of the attack target (low value for a print server in a wiring closet, a high value for
an e-commerce server in a data center, for example)
• Attack relevancy—Value based on susceptibility of the target to the attack type
These four factors combine to produce an accurate threat rating that allows for confident mitigation actions to take place.