3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept'

Information

Enables threat detection statistics for attacks blocked by the TCP Intercept function

Rationale:

The TCP Intercept function helps protecting the network and particularly servers against DOS attacks. When the maximum count of allowed connections is reached, through the TCP Intercept function, the firewall will no longer allow connection to the impacted server and will act as a proxy to the attack server until a valid traffic is received.

Enabling statistics can help to prevent the attacks at the earliest stage possible upstream.

Solution

Run the following to enable threat detection statistics for TCP Intercept

hostname(config)# threat-detection statistics tcp-intercept

Default Value:

Not enable by default

See Also

https://workbench.cisecurity.org/benchmarks/7194

Item Details

Category: CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-7, 800-53|CP-6, 800-53|CP-7, 800-53|PL-8, 800-53|PM-7, 800-53|SA-8, 800-53|SC-7, CSCv7|11.1

Plugin: Cisco

Control ID: b58b1d9d02b214ccc7ab770e7c03f22e93967261c977a7e60700f77ac75585d0