Ensure intrusion prevention is enabled for untrusted interfaces

Information

Enables intrusion prevention, using the IP audit feature, on untrusted interfaces.

Rationale:

Intrusion prevention is an additional feature in which the security appliance audits traffic in order to identify vulnerability exploits. It works by matching specific signatures against the traffic. There are two types of signatures: attack signatures, which match traffic intended to harm an internal resource, and informational signatures, which match traffic intended to gather information on internal resources through port scans, ping sweeps, DNS zone transfers and similar reconnaissance. The possible actions when a signature matches are to drop the traffic, to reset the connection or to send an alarm.

Solution

Configure Intrusion Prevention settings with Firepower Management Center:

Step 1 - Choose Policies > Access Control > Intrusion.
Step 2 - Manage your intrusion policy.

See Also

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/hardening/ftd/FTD_Hardening_Guide_v64.html

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(1)

Plugin: Cisco_Firepower

Control ID: 6c58fa4efe2c803e1c010e4b2ad3b041feb647a78ab1745c9b702ce133543ab9