Symantec Critical System Protection and Generic Network Attacks
I am implementing SCSP at a client site and the client is asking for a demo of SCSP protection, i.e. the client wants me to use a third-party tool like Zenmap, run an attack against a machine which has SCSP installed and show how it protects. I tried running some attacks like a SYN attack and brute force against SMB, etc. I could only configure two actions in the SCSP Prevention Policy, i.e. either block a network range or allow a network range (I was using the Windows Core Prevention Policy). This action causes SCSP either to block or allow any IP, or even an attack. For example, it let the test machine run a SYN attack against my test machine and did not block it. I was hoping that after 10 or 20 consecutive SYN requests it would block the IP, or at least raise a warning in the IDS mentioning a SYN attack, but nothing!
Can anyone please help me understand the best situation under which SCSP can be used? Do I need to put in another firewall with these features? I have to install SCSP on DMZ servers and hence it is quite critical.
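The rate-based alert the post was hoping for, as an added example that is not part of the original post and not SCSP's own logic: a sliding-window counter over constructed connection-log lines that flags a source once its SYN count within a window crosses a threshold. The log line format, the threshold and the window length are assumptions for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime


def build_sample_log():
    """Constructed sample log, assumed format: "<iso-timestamp> <src_ip> <dst_port> <tcp_flags>".
    10.0.0.9 behaves normally (SYN, then ACK); 10.0.0.5 sends 15 SYNs in under 3 seconds."""
    lines = [
        "2024-01-01T10:00:00 10.0.0.9 445 S",
        "2024-01-01T10:00:01 10.0.0.9 445 A",
    ]
    for i in range(15):
        lines.append(f"2024-01-01T10:00:{i * 0.2:06.3f} 10.0.0.5 445 S")
    lines.append("2024-01-01T10:00:30 10.0.0.9 445 S")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_port, flags)."""
    ts, src, port, flags = line.split()
    return datetime.fromisoformat(ts), src, int(port), flags


def detect_syn_flood(lines, threshold=10, window_seconds=5):
    """Return one alert (src_ip, timestamp, syn_count) per source whose SYN count
    inside a sliding window of window_seconds reaches threshold.
    Only bare SYNs (flags == "S") are counted, since those are the half-open attempts."""
    windows = defaultdict(deque)   # src_ip -> timestamps of recent SYNs
    alerted = set()                # sources already reported, to avoid repeat alerts
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, src, _port, flags = parse_line(line)
        if flags != "S":
            continue
        recent = windows[src]
        recent.append(ts)
        # Drop SYNs that fell out of the window relative to the newest one
        while recent and (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts.isoformat(), len(recent)))
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_flood(build_sample_log()):
        print("SYN flood suspected:", alert)
```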