[ LiB ] |
Terms you'll need to understand:
Blocking
Shunning
Managed device
Blocking sensor
Managed interface
Active access control list (ACL)
Pre-block ACL
Post-block ACL
Never-block ACL
Master blocking sensor
Forwarding blocking sensor
Techniques you'll need to master:
Following blocking guidelines
Following the blocking process
Making considerations for ACLs
Configuring the blocking sensor
Configuring the master blocking
IP blocking , also called shunning , is a powerful tool to prevent hosts or connections from launching future attacks by blocking their source traffic after an attack is detected . The Cisco Secure Intrusion Detection System (IDS) performs IP blocking by dynamically creating ACLs for network devices in response to a specific attack. Although potentially very powerful, IP blocking can block legitimate traffic if configured incorrectly. This chapter discusses the guidelines to follow when configuring blocking, the configuration tasks for different managed devices, and master blocking configuration.
[ LiB ] |