Cisco SA520-K9 Administration Guide - Page 118
Configuring Attack Checks, Configuring Firewall Rules to Control Inbound
UPC - 882658266744
View all Cisco SA520-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 118 highlights
Firewall Configuration Using Other Tools to Prevent Attacks, Restrict Access, and Control Inbound Traffic 4 Configuring Attack Checks Use this page to specify how you want to protect your network against common types of attacks including discovery, flooding, and echo storms. STEP 1 Click Firewall > Attacks. The Attack Checks window opens. STEP 2 In the WAN Security Checks area, check the box for each feature that you want to enable: • Block Ping to WAN interface: Check this box to prevent attackers from discovering your network through ICMP Echo (ping) requests. Cisco recommends that you uncheck this box only if you need to allow the security appliance to respond to pings for diagnostic purposes. This setting is overridden in these cases: - A firewall rule that directs ping requests to a particular computer on the LAN. See Configuring Firewall Rules to Control Inbound and Outbound Traffic, page 103. - WAN Mode settings that ping specified IP addresses for failure detection. See Configuring Auto-Rollover, Load Balancing, and Failure Detection, page 57. • Enable Stealth Mode: Check this box to prevent the security appliance from responding to port scans from the WAN. In Stealth Mode, your network is less susceptible to discovery and attacks. • Block TCP Flood: Check this box to drop all invalid TCP packets. This feature protects your network from a SYN flood attack, in which an attacker sends a succession of SYN (synchronize) requests to a target system. STEP 3 In the LAN Security Checks section, check the Block UDP Flood box to prevent the security appliance from accepting more than 25 simultaneous, active UDP connections from a single computer on the LAN. STEP 4 In the ICSA Settings area, enter the following information: • Block ICMP Notification: Check this box to silently block without sending an ICMP notification to the sender. Some protocols, such as MTU Path Discovery, require ICMP notifications. • Block Fragmented Packets: Check this box to block fragmented packets from ANY to ANY. • Block Multicast Packets: Check this box to block multicast packets. Cisco SA500 Series Security Appliances Administration Guide 118