Block Attacks with a Cisco ASA Firewall and IDS using the shun command

emmamegan

An Intrusion Detection system, as we know, can work either in inline mode (IPS) or in promiscuous mode (IDS). In inline mode the IPS sensor can detect and block attacks by itself, since all traffic passes through the sensor. In promiscuous mode, however, the sensor only sees a copy of the traffic: it cannot block attacks by itself and has to instruct the firewall to block them. This is depicted in the diagram below.


The IDS sensor in our example is connected in "parallel" (not inline) with the ASA firewall. The "Sensing Interface" of the IDS appliance is attached to the outside (Internet) network segment and continuously monitors traffic to detect attacks. The "Control Interface" of the IDS appliance is attached to the inside network segment and is used to communicate with the ASA firewall. If an attack is detected (e.g. the attacker at address 100.100.100.1 is sending malicious traffic to the victim at address 200.200.200.1), the IDS sensor instructs the ASA firewall over the "Control Interface" to block the attacking connection. It does this by logging in to the firewall's management interface and issuing the "shun" command, which makes the ASA drop the existing connection and every further packet from the attacking source address.
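The ASA-side pieces of the setup above, as an added example that is not from the original article: the account and SSH access the sensor needs on the firewall, the shun commands the sensor issues when it detects the attack, and how to verify and clear the block from the console. The attacker (100.100.100.1) and victim (200.200.200.1) addresses are the article's; the sensor's control-interface address 192.168.1.50, the interface name "inside", the username and the connection ports are assumptions.

```cisco
! Added example (not from the original article). Assumed values: the sensor's
! control interface is 192.168.1.50 on the ASA's "inside" interface, and the
! sensor logs in as "ids-blocker".

! 1. Let the sensor reach the ASA over SSH from its control interface only,
!    using a dedicated privilege-15 account. A /32 source keeps every other
!    inside host away from the management plane through this rule.
username ids-blocker password <strong-password> privilege 15
aaa authentication ssh console LOCAL
ssh 192.168.1.50 255.255.255.255 inside

! 2. What the sensor issues when it detects the attack. Only the source
!    address is required: from then on every new connection from
!    100.100.100.1 is dropped on the interface it arrives on, regardless of
!    any access-list that would permit it. The optional destination, ports
!    and protocol additionally tear down that one existing connection.
shun 100.100.100.1
shun 100.100.100.1 200.200.200.1 12345 80 tcp

! 3. Verify on the ASA: the active shun list and hit counters.
show shun
show shun statistics

! 4. Lift the block when the sensor's block time expires, or by hand.
no shun 100.100.100.1
clear shun
```

Two caveats a practitioner should keep in mind. Shun entries live only in memory: they are not written to the running configuration and do not survive a reload, so a reboot of the ASA silently drops every block. And because a shun matches the source address alone, an attacker who spoofs the source of an attack can use the sensor to block a legitimate host; the sensor's never-block list should therefore include the default gateway, DNS servers, the ASA itself and the sensor's own addresses, and blocks should have a bounded lifetime rather than being permanent.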
