Determining the Penetration Threshold for an ASA 5500 Firewall

Abstract

The technology of today is dramatically more advanced than it was 30 years ago. With fiber optic cables becoming ever more present and the rapid expansion of storage, the volume of data passing through these devices is also becoming more abundant. Over time, it has become easier to launch many kinds of attacks. These attacks are often launched from one computer sending huge amounts of spoofed data for several minutes. It is no surprise then that multiple computers launching an attack will create a dire situation regardless of which PC or server is being attacked. A Denial of Service (DoS) attack occurs when an attacker floods a computer or server with illegitimate data so that the system will deny service to a legitimate user [3]. This occurs because that system is now lacking the resources to handle any more data. A Distributed DoS (DDoS) attack is the same idea, but amplified. A DDoS attack involves multiple systems striking a single target and flooding that target with data, overloading the target's computers, servers, and firewalls [3]. This often causes the physical devices to exhaust and deny legitimate requests. As if that wasn't enough, the attacker can plant a virus or Trojan in the system once they gain access to further sabotage the target. These types of attacks are very damaging to companies all around the world. That is where the Cisco ASA 5500 series firewall comes in. In this paper, we will be examining how efficiently a firewall of this type can defend against a DoS attack and a DDoS attack, and what adverse effects are displayed after the attacks have occurred.