One command that had a fairly long history first with the PIX Firewall and now the ASA is the shun command. In this post we’ll examine this command’s history, why it’s useful, and its new-found resurgence in threat detection implementation.

Many students who have either taken training classes on the Cisco PIX or ASA security appliances or read associated published material are already acquainted with the phrase “TCP SYN cookie”. This post will serve to explain some of the historical background, as well as the numerous hardware implementations. The TCP SYN Flood denial-of-service attack is now […]

ASA and PIX software version 7.0 introduced the configuration command nat-control which didn’t exist in previous versions of code. Although training course material for both the SNAF (Securing Networks with ASA Fundamentals) and SNAA (Securing Networks with ASA Advanced) assume that their audience will use this global configuration command, it should not be considered a […]

This blog is the first of a series of articles on the new security features of IOS 15.0 code. Our focus will be on what we view as the more significant and complex singular aspects of this major rollout with regards to the security components. One such major improvement is in the area of the […]