
The Cisco ASA must be configured to implement scanning threat detection.


Overview

Finding ID: V-239864
Version: CASA-FW-000220
Rule ID: SV-239864r665878_rule
IA Controls: (blank)
Severity: High
Description
In a port scanning attack, an unauthorized application is used to scan the host devices for available services and open ports for subsequent use in an attack. This type of scanning can be used as a DoS attack when the probing packets are sent excessively.
STIG: Cisco ASA Firewall Security Technical Implementation Guide
Date: 2021-03-15

Details

Check Text (C-43097r665876_chk)
Review the ASA configuration to determine if scanning threat detection has been enabled.

threat-detection scanning-threat shun

If the ASA has not been configured to enable scanning threat detection, this is a finding.
Fix Text (F-43056r665877_fix)
Configure scanning threat detection as shown in the example below.

ASA(config)# threat-detection scanning-threat shun
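
The check above can be scripted against saved "show running-config" output. The following is an added example, not part of the STIG or of Cisco's tooling; the function names and the REVIEW verdict for scanning-threat enabled without shun are assumptions made here, and the sample configurations are constructed.

```shell
#!/bin/sh
# Added example (not from the STIG): classify saved "show running-config"
# output read on stdin against the line shown in the check text.
#   NOT_A_FINDING  threat-detection scanning-threat shun is present
#   REVIEW         scanning-threat is enabled but without shun (assumption:
#                  hand to a human, since the check text shows the shun form)
#   FINDING        no scanning-threat line at all
classify_scanning_threat() {
    # Strip CRs left by terminal captures before matching.
    tr -d '\r' | awk '
        # Anchored at column 0 so "no threat-detection ..." never matches.
        /^threat-detection scanning-threat([ \t]|$)/ {
            enabled = 1
            if ($3 == "shun") shun = 1
        }
        END {
            if (shun)         print "NOT_A_FINDING"
            else if (enabled) print "REVIEW"
            else              print "FINDING"
        }'
}

# Audit each config file named as an argument; returns non-zero if any
# file is not NOT_A_FINDING, so it can gate a pipeline step.
audit_configs() {
    rc=0
    for f in "$@"; do
        verdict=$(classify_scanning_threat < "$f")
        printf '%s\t%s\n' "$verdict" "$f"
        [ "$verdict" = "NOT_A_FINDING" ] || rc=1
    done
    return "$rc"
}

# Constructed sample configs (not captured from a real device).
demo() {
    printf 'hostname fw1\r\nthreat-detection basic-threat\r\nthreat-detection scanning-threat shun duration 3600\r\n' | classify_scanning_threat
    printf 'hostname fw2\nthreat-detection basic-threat\nthreat-detection scanning-threat\n' | classify_scanning_threat
    printf 'hostname fw3\nthreat-detection basic-threat\nno threat-detection statistics tcp-intercept\n' | classify_scanning_threat
}
demo
```
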