ATTACK GUARDS AND INTRUSION DETECTION


  • DNSGuard prevents DoS and UDP session hijacking by closing the UDP port after the first received DNS response.

  • The SYN Floodguard protects hosts from TCP SYN attacks, which are half-open connections (called embryonic connections) from hackers. The embryonic limit is a parameter in the nat and static commands.

  • Embryonic connections are half-open, three-way handshake connections that could be left open intentionally by a hacker. If the embryonic limit is reached, TCP intercept on the PIX handles any new handshakes until they are proven to be valid requests. This feature was introduced in version 5.2.

  • The fixup protocol smtp command inspects SMTP traffic and allows only the following seven commands: DATA, HELO, MAIL, NOOP, QUIT, RCPT, and RSET.

  • The shun command is used for IDS blocking of inbound source traffic.

  • The PIX firewall contains a subset of the signatures of a full Cisco IDS system.

  • By default, all IDS audit signatures are enabled. If you want to disable them, use the ip audit signature <number> disable command.

  • The ip audit interface <if_name> <name> command applies an audit policy to an interface.

  • False positives are alarms triggered by legitimate traffic that matches a pattern of a monitored signature.

  • The embryonic parameter is used by the nat and static commands.



CSPFA Exam Cram 2 (Exam 642-521)
CCSP CSPFA Exam Cram 2 (Exam Cram 642-521)
ISBN: 0789730235
Year: 2003
Pages: 218
