CSIDS Exam Cram 2 (Exam 642-531)

Terms you'll need to understand:

• Blocking

• Shunning

• Managed device

• Blocking sensor

• Managed interface

• Active access control list (ACL)

• Pre-block ACL

• Post-block ACL

• Never-block ACL

• Master blocking sensor

• Forwarding blocking sensor

Techniques you'll need to master:

• Following blocking guidelines

• Following the blocking process

• Making considerations for ACLs

• Configuring the blocking sensor

• Configuring the master blocking

IP blocking , also called shunning , is a powerful tool to prevent hosts or connections from launching future attacks by blocking their source traffic after an attack is detected . The Cisco Secure Intrusion Detection System (IDS) performs IP blocking by dynamically creating ACLs for network devices in response to a specific attack. Although potentially very powerful, IP blocking can block legitimate traffic if configured incorrectly. This chapter discusses the guidelines to follow when configuring blocking, the configuration tasks for different managed devices, and master blocking configuration.