C H A P T E R
15-1
Cisco ASA Series Firewall CLI Configuration Guide
15
Threat Detection
This chapter describes how to configure threat detection statistics and scanning threat detection.
•
•
Guidelines for Threat Detection, page 15-3
•
Defaults for Threat Detection, page 15-4
•
Configure Threat Detection, page 15-4
•
Monitoring Threat Detection, page 15-8
•
Examples for Threat Detection, page 15-13
•
History for Threat Detection, page 15-14
Detecting Threats
Threat detection on the ASA provides a front-line defense against attacks. Threat detection works at
Layer 3 and 4 to develop a baseline for traffic on the device, analyzing packet drop statistics and
accumulating “top” reports based on traffic patterns. In comparison, a module that provides IPS or Next
Generation IPS services identifies and mitigates attack vectors up to Layer 7 on traffic the ASA
permitted, and cannot see the traffic dropped already by the ASA. Thus, threat detection and IPS can
work together to provide a more comprehensive threat defense.
Threat detection consists of the following elements:
•
Different levels of statistics gathering for various threats.
Threat detection statistics can help you manage threats to your ASA; for example, if you enable
scanning threat detection, then viewing statistics can help you analyze the threat. You can configure
two types of threat detection statistics:
–
Basic threat detection statistics—Includes information about attack activity for the system as a
whole. Basic threat detection statistics are enabled by default and have no performance impact.
–
Advanced threat detection statistics—Tracks activity at an object level, so the ASA can report
activity for individual hosts, ports, protocols, or ACLs. Advanced threat detection statistics can
have a major performance impact, depending on the statistics gathered, so only the ACL
statistics are enabled by default.
•
Scanning threat detection, which determines when a host is performing a scan. You can optionally
shun any hosts determined to be a scanning threat.
Содержание ASA 5512-X
Страница 5: ...P A R T 1 Service Policies and Access Control ...
Страница 6: ......
Страница 50: ...3 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 3 Access Rules History for Access Rules ...
Страница 51: ...P A R T 2 Network Address Translation ...
Страница 52: ......
Страница 126: ...5 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 5 NAT Examples and Reference DNS and NAT ...
Страница 127: ...P A R T 3 Application Inspection ...
Страница 128: ......
Страница 255: ...P A R T 4 Connection Settings and Quality of Service ...
Страница 256: ......
Страница 288: ...12 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 12 Quality of Service History for QoS ...
Страница 303: ...P A R T 5 Advanced Network Protection ...
Страница 304: ......
Страница 339: ...P A R T 6 ASA Modules ...
Страница 340: ......
Страница 398: ...17 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 ASA CX Module History for the ASA CX Module ...