ASA Firewall Hardening

Unanswered Question
Jun 26th, 2008

Does anyone have any good resources or articles on hardening an ASA?

General stuff will do and I will make it more specific as I go.

Thanks.

dhananjoy chowdhury Sat, 06/28/2008 - 07:12

Hi,

Here are a few I can think of now:

1. Remove telnet access, use only SSH (preferably v2 and with SSH timeout set)

2. Allow only specific users/networks to SSH to the ASA box and preferably only from the Inside interface.

3. Create local users on the ASA with different privileges or using an AAA server.

4. Logging should be enabled and also set a syslog server IP where the logs can be exported.

5. Review the access-lists and the NAT configuration, remove the unwanted ones.
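
A way to check items 1, 2 and 4 of the list above against a saved running-config, as an added example that is not part of the original thread. It assumes the classic ASA `telnet`, `ssh`, `ssh timeout`, `ssh version 2`, `logging enable` and `logging host` command forms; the sample config, the function name and the 10-minute timeout threshold are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not from the thread);
# addresses use documentation ranges.
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 inside
ssh 192.0.2.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
logging enable
"""

IPV4 = r"\d+\.\d+\.\d+\.\d+"
MAX_SSH_TIMEOUT_MIN = 10  # assumed policy value, not from the thread


def audit_asa_config(text, mgmt_if="inside"):
    """Check items 1, 2 and 4 of the list; return a list of findings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []
    for ln in lines:
        # Item 1: any "telnet <ip> <mask> <if>" line permits telnet.
        if re.fullmatch(rf"telnet {IPV4} {IPV4} \S+", ln):
            findings.append(f"telnet permitted: {ln}")
        # Item 2: SSH sources should be specific and on the inside interface.
        m = re.fullmatch(rf"ssh ({IPV4}) ({IPV4}) (\S+)", ln)
        if m:
            _, mask, ifname = m.groups()
            if ifname != mgmt_if:
                findings.append(f"ssh allowed on {ifname}: {ln}")
            elif mask == "0.0.0.0":
                findings.append(f"ssh open to any source: {ln}")
        # Item 1: the SSH idle timeout (minutes) should be short.
        m = re.fullmatch(r"ssh timeout (\d+)", ln)
        if m and int(m.group(1)) > MAX_SSH_TIMEOUT_MIN:
            findings.append(f"ssh timeout too long: {ln}")
    # Item 1: without "ssh version 2" older ASA releases also accept SSHv1.
    if "ssh version 2" not in lines:
        findings.append("ssh version 2 not set")
    # Item 4: logging must be on and exported to a syslog host.
    if "logging enable" not in lines:
        findings.append("logging not enabled")
    if not any(re.match(rf"logging host \S+ {IPV4}", ln) for ln in lines):
        findings.append("no syslog server (logging host) configured")
    return findings


if __name__ == "__main__":
    for finding in audit_asa_config(SAMPLE_CONFIG):
        print(finding)
```

Items 3 and 5 (user privilege levels, access-list and NAT review) depend on site policy and are not covered by this check.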
