CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)

Chapter 9. Attack Guards and Intrusion Detection

Terms you'll need to understand:

  • Attack guards

  • Fragmentation guard

  • Mail Guard

  • Embryonic connections

  • TCP intercept

  • Signatures

  • False positives

  • Shunning

Techniques you'll need to master:

  • Setting embryonic connections

  • Setting IP audits to an interface

  • Configuring the Mail Guard feature

  • Disabling signatures

In addition to ACL filtering and application inspection, the PIX firewall has built-in attack guards and intrusion detection to protect against access and denial-of-service (DoS) attacks. Attack guards help prevent penetration and DoS attacks from exploiting basic weaknesses and security holes found in commonly used applications. The PIX firewall uses intrusion detection to monitor and shun possible attacks by reviewing the signatures of IP traffic that passes through the device. This chapter reviews these features of the PIX firewall products.
