Cisco Cisco Customer Voice Portal 8.0(1) Installation Guide
Using CSA Management Center to Protect Against TCP Flood Attacks
You can configure CSA management center to protect your servers against several types of
TCP flood attacks, such as:
TCP flood attacks, such as:
•
ESTABLISHED
•
FIN-WAIT
•
CLOSING
The protection against flood attacks is provided by enabling Connection Rate Limit Rules. The
steps below detail how to create Connection Rate Limit Rules to protect a server from flood
attacks, however, you must consult the CSA documentation, modify the rules to your specific
deployment, and test your configuration in a non-production environment before deploying the
rules.
steps below detail how to create Connection Rate Limit Rules to protect a server from flood
attacks, however, you must consult the CSA documentation, modify the rules to your specific
deployment, and test your configuration in a non-production environment before deploying the
rules.
To protect against flood attacks, you use CSA management center to create two connection rate
limit rules. The first rule that allows (Priority Allow) network connection from IP addresses
that belong to Unified Communications Manager, Gateways, Unified Contact Center Enterprise,
and other servers that require a connection to Unified CVP. The second rule denies all network
connections when the machine is acting as a server. The general steps for creating this
configuration are below. For specific details about using this configuration in CSA Management
Center, see the documentation for CSA Management Center.
limit rules. The first rule that allows (Priority Allow) network connection from IP addresses
that belong to Unified Communications Manager, Gateways, Unified Contact Center Enterprise,
and other servers that require a connection to Unified CVP. The second rule denies all network
connections when the machine is acting as a server. The general steps for creating this
configuration are below. For specific details about using this configuration in CSA Management
Center, see the documentation for CSA Management Center.
Step 1
Using the CSA Management Center, create the first Connection Rate Limit rule (Priority Allow).
This rule allows IP addresses to connect to the Unified CVP server. Since this is a Priority Allow
rule, the rule has priority over the second rule that you create to deny traffic to the server.
This rule allows IP addresses to connect to the Unified CVP server. Since this is a Priority Allow
rule, the rule has priority over the second rule that you create to deny traffic to the server.
To create the first rule:
1. Expand the Rules area of the Rules module to which you are going to add the Priority
Allow rule and click Add.
2. Select the Connection Rate Limit rule. The configuration view for this rule opens.
3. Enter the following information for this rule:
–
Description: Provide a description for this rule, for example "Allow Call Center
Server Traffic".
Server Traffic".
–
Enabled: Verify this box is checked.
–
Log: Check this box to enable logging for this rule.
4. In the Take the following action field, select Priority Allow.
5. In the When Applications in any of the following selected classes field, verify <All
Applications> (default entry) is selected.
Cisco Security Agent Installation/Deployment Guide for Cisco Unified Customer Voice Portal Release 8.0(1)
33
Chapter 10: Migrating to the Management Center for Cisco Security Agent
Important: Using Your Own CSA Management Center