
Ensure ‘threat-detection statistics’ is set to ‘tcp-intercept’

Details

Enables threat detection statistics for attacks blocked by the TCP Intercept function.

Rationale:

The TCP Intercept function helps protect the network, and servers in particular, against DoS attacks. When the maximum count of allowed connections is reached, the firewall, through the TCP Intercept function, will no longer allow connections to the impacted server and will act as a proxy for the attacked server until valid traffic is received.

Enabling statistics can help to prevent the attacks at the earliest stage possible upstream.

Solution

Threat Detection can be configured through FlexConfig in Firepower Management Center:

Step 1 – Devices > FlexConfig
Step 2 – Use the predefined FlexConfig – Threat_Detection_Configure option
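To verify the result after deployment, the added example below (not part of the original article or of Tenable's or Cisco's tooling) audits saved `show running-config` output for the `threat-detection statistics tcp-intercept` line. The sample configurations are constructed, and the function name `audit_tcp_intercept_stats` is hypothetical.

```python
import re

# Constructed samples of `show running-config` output (not taken from the page).
SAMPLE_COMPLIANT = """\
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
"""
SAMPLE_DISABLED = """\
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
"""

# Matches the enabled form and the negated ("no ...") form of the command.
_LINE = re.compile(r"^(no\s+)?threat-detection\s+statistics\s+tcp-intercept(\s.*)?$")
_OPT = re.compile(r"(rate-interval|burst-rate|average-rate)\s+(\d+)")


def audit_tcp_intercept_stats(running_config):
    """Return (compliant, detail) for the tcp-intercept statistics control.

    Script assumption: if several matching lines appear (for example in
    concatenated captures), the last one is treated as the effective setting.
    """
    state, options = None, {}
    for raw in running_config.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # unrelated line, or a "!" comment line
        if m.group(1):
            state, options = False, {}
        else:
            state = True
            options = {k: int(v) for k, v in _OPT.findall(m.group(2) or "")}
    if state is None:
        return False, {"reason": "command not present in running-config"}
    if not state:
        return False, {"reason": "explicitly disabled with the 'no' form"}
    return True, options


if __name__ == "__main__":
    for name, cfg in (("compliant", SAMPLE_COMPLIANT), ("disabled", SAMPLE_DISABLED)):
        print(name, audit_tcp_intercept_stats(cfg))
```

The returned rate values make it possible to record the monitoring window and thresholds alongside the pass/fail result.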

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Cisco.

References

Source

Updated on July 16, 2022