Verify Initials Time with airSlate SignNow

Batch forward initials

welcome to Cisco training videos my name is Trevor the topic for this video is going to go in-depth into the first phase of the Cisco AAS a packet inspection process the first phase of this inspection process is called initial checking take a moment to look at the diagram that I drew below initial checking is the first phase in the Cisco AAS a packet inspection process packets arriving at a firewalls interface are checked for basic integrity one of the most important aspects this phase checks for is the integrity of a packet source IP address when a client or a host sends a packet through the Internet the routing devices are normally only concerned with finding a route for the destination IP address so that the correct interface can be used to route that egress traffic out of the problem with this method though is that the source IP address is usually ignored until the destination host needs to send a reply to it the vulnerability that exploits this method is called address spoofing address spoofing is when a malicious user inserts false and bogus source IP address information into the packets that it sends in order to solve for this address spoofing vulnerability Cisco aasa firewalls use a feature called unicast to reverse path forwarding aasa firewalls inspect the source address in each incoming packet when unicast reverse path forwarding is enabled on an interface so after inspecting the source address of an incoming packet the aasa' verifies that that packet is not spoofed by ensuring that the source IP addresses route is through the interface that the packet came in on so in other words the firewall will simply look at that packet and it ensures that it would use that same interface in Reverse to reach that source IP address if the as8 does not have a route for that source IP or that route is located on a different interface then what that packet came in on the aasa' deems that packet has a spoofed packet and it drops it a log message is also generated for that event there is one caveat with this unicast reverse path forwarding though if a host on the outside interface spoofs another host on the outside interface the as8 cannot detect this because it the spoofing occurs on a single interface the aasa' can't determine that this is a spoofed IP address though because it would use that same interface to go out using that spoofed IP address so the only way in a si can detect the spoofed packet coming in on the outside interface is if that spoofed source address is trying to spoof an IP address that belongs on another segment or interface behind that firewall like if the hacker at four five six seven tried to spoof an IP address on one seven two sixteen 100.0 the a si would be able to see that that's a spoofed packet because the a si is not expecting to receive any packets coming in from the outside interface using the 172 dot 16 dot 100 zero subnet as its source traffic the a si has a route because it's directly connected to that subnet it knows to use gig zero one for traffic sourcing from this subnet not outside gig zero zero remember unicast reverse path forwarding can only detect spoofed addresses when those spoofed addresses are between two separate interfaces on the Sisqo a si the reason why is when it doesn't route lookup it'll show that it failed because the route for that source IP address belongs on a different segment then it came from also remember that unicast reverse path forwarding is not enabled by default on a Cisco a si you need to issue the following command in global configuration mode to enable unicast reverse path forwarding the command is IP verify reverse path interface and in the segment that you want to enable unicast reverse path forwarding on in this case outside please leave any questions or comments you have in the comment section below this video thanks for watching hope you enjoyed