Configuration Cisco ASA IPS Module
Because almost all companies are connected to the Internet, the threat of network attacks is
an inevitable problem that they need to face. So there is often a need to set up some
type of intrusion detection system (IDS) or intrusion protection system (IPS). These
systems' main purpose is to detect attacks as they are being initiated; this detection is
done by comparing the streams of incoming traffic against a database of known attacks.
The main difference between an IDS and an IPS is in what happens when the device
detects an attack. An IDS will detect the attack and alert the network
administrators/engineers; an IPS has the ability to directly block the attack traffic once it
has been detected. This can proactively prevent a good amount of damage to the internal
network.
The Cisco ASA line adds this ability with an additional piece of hardware or software,
depending on the base ASA model. This article takes a look at this additional
capability, what it offers, and how it can be configured to monitor traffic through an ASA.
ASA IPS Module Details
The IPS module might be a physical module or a software module, depending on your
ASA model.
The IPS module runs advanced IPS software that provides proactive, full-featured
intrusion prevention services to stop malicious traffic, including worms and network
viruses, before they can affect your network.
The exact details of the IPS functionalities of an ASA depend on the specific model of
ASA that is being used. The ASA 5505, 5510, 5520, 5540, 5580, and 5585-X all use an
additional hardware module that is inserted into the ASA chassis. The ASA 5512-X,
5515-X, 5525-X, 5545-X, and 5555-X all use an additional software module that is
uploaded to the ASA.
The connection to manage the ASA module differs also by the model of the ASA used:
ASA 5505: The ASA 5505 IPS module does not have an external management interface
and is managed using a management VLAN within the ASA. By default, the VLAN that is
used is 1, and the default IPS management IP address is 192.168.1.2.
ASA 5510, ASA 5580, ASA 5585-X: These devices have an external management
interface that is used to configure the device and the IPS module; the ASA 5585-X
actually has several external management interfaces. With these devices, the ASA and
the ASA IPS module are typically assigned with IP addresses that are on the same
subnet (default: ASA – 192.168.1.1, ASA IPS – 192.168.1.2). It is also possible to
configure the ASA to be managed via an inside interface while the ASA IPS module is
solely managed via the external management interface.
ASA 5512-X, ASA 5555-X: These devices work similarly to the previous models with an
external management interface and with the same default IP addresses.
The Basic Operation of the ASA IPS Module
The basic ASA IPS module operation is simple: Traffic comes into the ASA and goes
through the initial ASA processes (e.g., VPN decryption, firewall policy). Traffic that is
matched is then sent to the IPS module; traffic that is allowed to pass is returned from the
IPS module and can be sent back out another ASA interface.
The ASA IPS module does offer two different operating modes that can be specified
within the traffic-matching configuration; these include inline mode and promiscuous
mode. While in inline mode, all matched traffic will be sent to the ASA IPS module and
will not continue on through the ASA until it is returned from the module.
While in promiscuous mode, a copy of the matched traffic is sent to the ASA IPS module
with the initial copy of the traffic continuing through the ASA; if the ASA IPS module finds
that specific traffic matches one of the attack signatures, it will send a shun message to
the ASA to block any future traffic matching the specific traffic characteristics.
The choice of which operating mode to use depends on the specific implementation.
Although the inline mode is more secure, it can also have some effect on traffic
throughput. The promiscuous mode is the opposite: it is less secure but does not affect
traffic throughput. The promiscuous mode operates in a similar way to a traditional IDS,
whose alerts can retroactively be used to block future traffic.
Virtual Sensors
All the ASA models except the 5505 support virtual sensors; these sensors are used
when multiple contexts are used within the ASA. Each context can be configured with a
virtual sensor, and the matching IPS policy can be configured with individual ASA IPS
module settings.
ASA IPS Module Configuration
In an effort to keep this a little organized, the next few sections will split up the major
sections of configuration.
ASA IPS Module Network Configuration
The first thing to cover is how to configure the basic network settings of the IPS module,
assuming that the defaults are not acceptable. The way to do this differs between the
ASA 5505 and all of the other models.
For the ASA 5505, the first thing to set up is the management VLAN. The process to
configure these settings is shown in Table1:
Table1: ASA 5505 IPS Module Basic Network

For all other ASA models, the first step is to session into the ASA IPS module. For the
models using a software IPS module, there are two different methods to do this, as
shown in Table2:
Table2: ASA IPS Module Session Methods (ASA 5510+)

NOTE: The specific configuration of the ASA IPS module is beyond the scope of this
article, but from a Cisco documentation perspective, these modules are treated similarly
to a Cisco IPS 4200 Series Sensor and their specific policy configuration is covered in
the same documentation. For the specifics, check out
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_documentation_roadmaps_list.html.
Virtual Sensor Configuration
When using the ASA IPS module with multiple contexts, virtual sensors can be
very useful. This section reviews the basic command that is used within each context's
system execution space. The name that is given to the virtual sensor within this section
can then be used within the configuration shown in the next section.
To configure a virtual sensor, there is only a single command that is used within each
context (see Table3).
Table3: Configuring ASA IPS Module Virtual Sensors

ASA IPS Module Policy Configuration
For the ASA to know which traffic to forward to the IPS module, there needs to be a
policy configured. All the specific options for matching traffic will not be covered in this
article, but the basic commands will be shown for clarity. Table 4 will review the steps
needed to create an ASA IPS module policy.
Table4: Configuring ASA IPS Module Policy
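The policy steps described above, together with the virtual-sensor assignment from the previous section, as an added ASA CLI example. It is not taken from the original article's tables; the context name CTX-A, the sensor names vs1 and ips1, the ACL name IPS-TRAFFIC and the class name IPS-CLASS are assumptions.

```cisco
! --- System execution space (multiple context mode only; not the ASA 5505) ---
! Assign a virtual sensor that already exists on the IPS module to a context.
! "vs1" (assumed) is the sensor name on the module; "ips1" (assumed) is the
! mapped name the context sees; "default" makes it the sensor used when a
! policy in the context names none.
context CTX-A
 allocate-ips vs1 ips1 default
!
! --- Inside the context (or on a single-mode ASA) ---
! 1. Identify the traffic to hand to the IPS module. "any any" sends
!    everything; narrow the ACL if module throughput is a concern.
access-list IPS-TRAFFIC extended permit ip any any
!
! 2. Put the matched traffic in a class.
class-map IPS-CLASS
 match access-list IPS-TRAFFIC
!
! 3a. Inline mode: matched traffic is held until the module returns it.
!     fail-close drops matched traffic if the module is unavailable, so
!     nothing passes uninspected.
policy-map global_policy
 class IPS-CLASS
  ips inline fail-close sensor ips1
!
! 3b. Promiscuous alternative (use in place of 3a, not alongside it):
!     the module only receives a copy, and the original traffic continues
!     through the ASA. fail-open lets traffic pass if the module is down.
!  ips promiscuous fail-open sensor ips1
!
! 4. Apply the policy to all interfaces.
service-policy global_policy global
```

On a single-mode ASA the `context` / `allocate-ips` lines do not apply, and the `sensor` keyword can be left off the `ips` command.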

The ASA IPS module opens up the possibility of using a single appliance to do a number
of things. However, there are downsides to its add-on functionality. All traffic that is
configured in the inline operational mode is limited to the overall throughput possible with
the specific ASA IPS module (it differs considerably by which model and module). In very
high-bandwidth applications, IPS-only appliances are also offered by Cisco.
Hopefully the content of this article has provided you with at least a little better
understanding of the capabilities of this solution and how it can be configured to increase
the security of an organization's (small to large) network.

3Anetwork.com is a world leading Cisco networking products wholesaler, we wholesale
original new Cisco networking equipments, including Cisco Catalyst switches, Cisco
routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface cards
products at competitive price and ship to worldwide.
Our website: http://www.3anetwork.com
Telephone: +852-3069-7733
Email: info@3Anetwork.com
Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong

6
understanding of the capabilities of this solution and how it can be configured to increase
the security of an organization’s (small to large) network.

3Anetwork.com is a world leading Cisco networking products wholesaler, we wholesale
original new Cisco networking equipments, including Cisco Catalyst switches, Cisco
routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface cards
products at competitive price and ship to worldwide.
Our website: http://www.3anetwork.com
Telephone: +852-3069-7733
Email: info@3Anetwork.com
Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong

6

More Related Content

Viewers also liked

NAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNetProtocol Xpert
 
ASA Multiple Context Training
ASA Multiple Context TrainingASA Multiple Context Training
ASA Multiple Context TrainingTariq Bader
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXCisco Canada
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallIT Tech
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security DeploymentCisco Canada
 
Presentation cisco iron port email & web security
Presentation   cisco iron port email & web securityPresentation   cisco iron port email & web security
Presentation cisco iron port email & web securityxKinAnx
 
Security context on asa firewall
Security context on asa firewallSecurity context on asa firewall
Security context on asa firewallNetProtocol Xpert
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookRHC Technologies
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Cisco Ironport WSA- Introduction and Guide in Short
Cisco Ironport WSA-  Introduction and Guide in ShortCisco Ironport WSA-  Introduction and Guide in Short
Cisco Ironport WSA- Introduction and Guide in ShortPriyank Sharma
 

Viewers also liked (13)

NAT with ASA & ASA Security Context
NAT with ASA & ASA Security ContextNAT with ASA & ASA Security Context
NAT with ASA & ASA Security Context
 
ASA Multiple Context Training
ASA Multiple Context TrainingASA Multiple Context Training
ASA Multiple Context Training
 
Deploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CXDeploying Next Generation Firewalling with ASA - CX
Deploying Next Generation Firewalling with ASA - CX
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & Answers
 
How to configure cisco asa virtual firewall
How to configure cisco asa virtual firewallHow to configure cisco asa virtual firewall
How to configure cisco asa virtual firewall
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
Web Security Deployment
Web Security DeploymentWeb Security Deployment
Web Security Deployment
 
Presentation cisco iron port email & web security
Presentation   cisco iron port email & web securityPresentation   cisco iron port email & web security
Presentation cisco iron port email & web security
 
Security context on asa firewall
Security context on asa firewallSecurity context on asa firewall
Security context on asa firewall
 
Cisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBookCisco ASA Firewall Lab WorkBook
Cisco ASA Firewall Lab WorkBook
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Cisco Ironport WSA- Introduction and Guide in Short
Cisco Ironport WSA-  Introduction and Guide in ShortCisco Ironport WSA-  Introduction and Guide in Short
Cisco Ironport WSA- Introduction and Guide in Short
 

Similar to Configuration cisco asa ips module

Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadMehtabRohela
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesSarah Tao
 
Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...
Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...
Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...IT Tech
 
Juniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdf
Juniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdfJuniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdf
Juniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdfLarry Linares Barreto
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...IT Tech
 
IDSaaS: Intrusion Detection System as a Service in Cloud
IDSaaS: Intrusion Detection System as a Service in CloudIDSaaS: Intrusion Detection System as a Service in Cloud
IDSaaS: Intrusion Detection System as a Service in CloudIRJET Journal
 
Top 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 seriesTop 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 seriesIT Tech
 
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...MehtabRohela
 
Regional Bank IPSec Solution
Regional Bank IPSec SolutionRegional Bank IPSec Solution
Regional Bank IPSec SolutionJeffrey Sicuranza
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Cisco Russia
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩bwsibh
 
香港六合彩
香港六合彩香港六合彩
香港六合彩dsageg
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShareirglygks
 

Similar to Configuration cisco asa ips module (20)

Cisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center HyderabadCisco ASA Firewall Presentation - ZABTech center Hyderabad
Cisco ASA Firewall Presentation - ZABTech center Hyderabad
 
ASA day 1.pptx
ASA day 1.pptxASA day 1.pptx
ASA day 1.pptx
 
Is this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x seriesIs this guide for you cisco firepower threat defense for the asa 5506-x series
Is this guide for you cisco firepower threat defense for the asa 5506-x series
 
Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...
Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...
Cisco adaptive security appliance (asa) firewalls lifeline of today’s data ce...
 
Ip san-best-practices-en
Ip san-best-practices-enIp san-best-practices-en
Ip san-best-practices-en
 
Juniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdf
Juniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdfJuniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdf
Juniper_Wired_and_Wireless_Comparison_Guide_V6_201002[2] (1).pdf
 
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
Cisco asa 5500 x series migration options-asa 5555-x, asa 5525-x & asa 55...
 
IDSaaS: Intrusion Detection System as a Service in Cloud
IDSaaS: Intrusion Detection System as a Service in CloudIDSaaS: Intrusion Detection System as a Service in Cloud
IDSaaS: Intrusion Detection System as a Service in Cloud
 
Top 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 seriesTop 5 reasons to purchase cisco asa 5500 series
Top 5 reasons to purchase cisco asa 5500 series
 
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
Device security master (ASA Firewall) - project thesis - SZABIST-ZABTech Hyde...
 
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deploymentsEMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
EMEA Airheads- Instant AP- APP REF and Mixed IAP Cluster deployments
 
Regional Bank IPSec Solution
Regional Bank IPSec SolutionRegional Bank IPSec Solution
Regional Bank IPSec Solution
 
What is SCADA system? SCADA Solutions for IoT
What is SCADA system? SCADA Solutions for IoTWhat is SCADA system? SCADA Solutions for IoT
What is SCADA system? SCADA Solutions for IoT
 
UNIT -IV.docx
UNIT -IV.docxUNIT -IV.docx
UNIT -IV.docx
 
Big ip-ltm-asm-dg
Big ip-ltm-asm-dgBig ip-ltm-asm-dg
Big ip-ltm-asm-dg
 
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
Using packet-tracer, capture and other Cisco ASA tools for network troublesho...
 
Unit 5
Unit 5Unit 5
Unit 5
 
六合彩,香港六合彩
六合彩,香港六合彩六合彩,香港六合彩
六合彩,香港六合彩
 
香港六合彩
香港六合彩香港六合彩
香港六合彩
 
香港六合彩 » SlideShare
香港六合彩 » SlideShare香港六合彩 » SlideShare
香港六合彩 » SlideShare
 

Recently uploaded

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 

Configuration cisco asa ips module

  • 1. Configuration Cisco ASA IPS Module For almost all companies are connected to the Internet, the threat of network attacks is an inevitable problem that they need to face. So there is often a need to set up some type of intrusion detection system (IDS) or intrusion protection system (IPS). These systems’ main purpose is to detect attacks as they are being initiated; this detection is done by comparing the streams of incoming traffic against a database of known attacks. The main differences between an IDS and an IPS is in what happens when the device detects an attack. An IDS will detect the attack and alert the network administrators/engineers; an IPS has the ability to directly block the attack traffic once it has been detected. This can proactively prevent a good amount of damage to the internal network. Cisco ASA line adds this ability with an additional piece of hardware of software, depending on the base ASA model. In this article it will take a look at this additional capability, what it offers, and how it can be configured to monitor traffic through an ASA. ASA IPS Module Details The IPS module might be a physical module or a software module, depending on your ASA model. The IPS module runs advanced IPS software that provides proactive, full-featured intrusion prevention services to stop malicious traffic, including worms and network viruses, before they can affect your network. The exact details of the IPS functionalities of an ASA depend on the specific model of ASA that is being used. The ASA 5505, 5510, 5520, 5540, 5580, and 5585-X all use an additional hardware module that is inserted into the ASA chassis. The ASA 5512-X, 5515X, 5525-X, 5545-X, and 5555-X all use an additional software module that is uploaded to the ASA. The connection to manage the ASA module differs also by the model of the ASA used: ASA 5505: The ASA 5505 IPS module does not have an external management interface and is managed using a management VLAN within the ASA. 
By default, the VLAN that is used is 1, and the default IPS management IP address is 192.168.1.2. ASA 5510, ASA 5580, ASA 5585-X: These devices have an external management interface that is used to configure the device and the IPS module; the ASA 5585-X actually has several external management interfaces. With these devices, the ASA and the ASA IPS module are typically assigned with IP addresses that are on the same subnet (default: ASA – 192.168.1.1, ASA IPS – 192.168.1.2). It is also possible to 1
  • 2. configure the ASA to be managed via an inside interface while the ASA IPS module is solely managed via the external management interface. ASA 5512-X, ASA 5555-X: These devices work similarly to the previous models with an external management interface and with the same default IP addresses. The Basic Operation of the ASA IPS Module The basic ASA IPS module operation is simple: Traffic comes into the ASA and goes through the initial ASA processes (e.g., VPN decryption, firewall policy). Traffic that is matched is then sent to the IPS module; traffic that is allowed to pass is returned from the IPS module and can be sent back out another ASA interface. The ASA IPS module does offer two different operating modes that can be specified within the traffic-matching configuration; these include inline mode and promiscuous mode. While in inline mode, all matched traffic will be sent to the ASA IPS module and will not continue on through the ASA until it is returned from the module. While in promiscuous mode, a copy of the matched traffic is sent to the ASA IPS module with the initial copy of the traffic continuing through the ASA; if the ASA IPS module finds that specific traffic matches one of the attack signatures, it will send a shun message to the ASA to block any future traffic matching the specific traffic characteristics. The choice of which operating mode to use depends on the specific implementation. Although the inline mode is more secure, it can also have some effect on traffic throughput. The promiscuous mode is the opposite: being less secure but not affecting traffic throughput. The promiscuous mode operates in a similar way to a traditional IDS, whose alerts can retroactively be used to block future traffic. Virtual Sensors All the ASA models except the 5505 support virtual sensors; these sensors are used when multiple contexts are used within the ASA. 
Each context can be configured with a virtual sensor, and the matching IPS policy can be configured with individual ASA IPS module settings.
ASA IPS Module Configuration
In an effort to keep this a little organized, the next few sections will split up the major sections of configuration.
ASA IPS Module Network Configuration
The first thing to cover is how to configure the basic network settings of the IPS module, assuming that the defaults are not acceptable. The way to do this differs between the ASA 5505 and all of the other models. For the ASA 5505, the first thing to set up is the management VLAN. The process to configure these settings is shown in Table 1:
Table 1: ASA 5505 IPS Module Basic Network
For all other ASA modules, the first step is to session into the ASA IPS module. For the models using a software IPS module, there are two different methods to do this, as shown in Table 2:
Table 2: ASA IPS Module Session Methods (ASA 5510+)
NOTE: The specific configuration of the ASA IPS module is beyond the scope of this article, but from a Cisco documentation perspective, these modules are treated similarly to a Cisco IPS 4200 Series Sensor and their specific policy configuration is covered in the same documentation. For the specifics, check out http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_documentation_roadmaps_list.html.
Virtual Sensor Configuration
When using the ASA IPS module with multiple contexts, virtual sensors can be very useful; this section reviews the basic command that is used within each context's system execution space. The name that is given to the virtual sensor within this section can then be used within the configuration shown in the next section. To configure a virtual sensor, there is only a single command that is used within each context (see Table 3).
Table 3: Configuring ASA IPS Module Virtual Sensors
ASA IPS Module Policy Configuration
For the ASA to know which traffic to forward to the IPS module, there needs to be a policy configured. All the specific options for matching traffic will not be covered in this article, but the basic commands will be shown for clarity. Table 4 will review the steps needed to create an ASA IPS module policy.
Table 4: Configuring ASA IPS Module Policy
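As an added illustration (not a reproduction of the article's Table 3 or Table 4, and not taken from Cisco's documentation), the fragment below ties the virtual sensor and policy sections together: sensors are assigned to a context, then a policy sends one class of traffic to the module inline and another in promiscuous mode. The context name, sensor names, ACL and class-map names and the subnets are placeholder assumptions; the `fail-close` / `fail-open` keyword that the `ips` command also takes decides what happens to matched traffic when the module is unavailable.

```cisco
! Added example; all names and subnets below are placeholders.
!
! --- System execution space (multiple context mode only) ---
! Assign virtual sensors to a context. The sensors (here vs-dmz and
! vs-inside) must already be defined on the IPS module itself.
! "default" marks the sensor used when a policy names none.
context CTX-A
 allocate-ips vs-dmz default
 allocate-ips vs-inside
!
! --- Inside the context (or global config in single mode) ---
! Select the traffic to hand to the IPS module.
access-list IPS-DMZ extended permit ip any 10.0.10.0 255.255.255.0
access-list IPS-INSIDE extended permit ip any 10.0.20.0 255.255.255.0
!
class-map IPS-DMZ-CLASS
 match access-list IPS-DMZ
class-map IPS-INSIDE-CLASS
 match access-list IPS-INSIDE
!
policy-map global_policy
 ! Inline: matched packets are held until the module returns them.
 ! fail-close: drop matched traffic if the module is unavailable.
 class IPS-DMZ-CLASS
  ips inline fail-close sensor vs-dmz
 ! Promiscuous: the module inspects a copy and the original packet
 ! is not held, so an attack's first packets can get through.
 ! fail-open: keep forwarding matched traffic if the module is down.
 class IPS-INSIDE-CLASS
  ips promiscuous fail-open sensor vs-inside
!
! Apply the policy to all interfaces.
service-policy global_policy global
```

Pairing inline with `fail-close` favors protection over availability, while promiscuous with `fail-open` favors availability; which pairing fits depends on how much uninspected traffic the protected segment can tolerate.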
The ASA IPS module opens up the possibility of using a single appliance to do a number of things. However, there are downsides to its add-on functionality. All traffic that is configured in the inline operational mode is limited to the overall throughput possible with the specific ASA IPS module (it differs considerably by model and module). In very high-bandwidth applications, IPS-only appliances are also offered by Cisco.
Hopefully the content of this article has provided you with at least a little better understanding of the capabilities of this solution and how it can be configured to increase the security of an organization's (small to large) network.
3Anetwork.com is a world-leading Cisco networking products wholesaler. We wholesale original new Cisco networking equipment, including Cisco Catalyst switches, Cisco routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface cards, at competitive prices and ship worldwide.
Our website: http://www.3anetwork.com
Telephone: +852-3069-7733
Email: info@3Anetwork.com
Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong