dhananjoy chowdhury Sat, 06/28/2008 - 07:12

Here are a few I can think of now -

1. Remove telnet access, use only SSH (preferably v2 and with SSH timeout set)

2. Allow only specific users/nw to SSH to the ASA box and preferably only from the Inside interface.

3. Create local users on the ASA with different privileges or using an AAA server.

4. Logging should be enabled and also set a syslog server IP where the logs can be exported.

5. Review the access-lists and the NAT configuration, remove the unwanted ones.
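
An added example, not part of the original post: a small Python check that audits a saved ASA running-config against points 1 to 4 of the list above. The sample config is constructed; the 10-minute timeout ceiling, the `inside` interface name, and the expectation that the release shows `ssh version 2` in its running-config are assumptions, and only IPv4 entries are parsed.

```python
import re

# Constructed sample: fragment of an ASA running-config (not from the post).
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 60
username admin password CONSTRUCTED encrypted privilege 15
logging enable
"""

MAX_SSH_TIMEOUT_MIN = 10      # assumed policy value, not from the post
MGMT_INTERFACE = "inside"     # assumed nameif of the trusted interface
ADDR = r"(\d+\.\d+\.\d+\.\d+)"

def audit_asa_config(text):
    """Return (checklist point, finding) tuples for points 1-4."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = []
    for l in lines:
        # Point 1: "telnet <net> <mask> <if>" grants telnet access.
        if re.fullmatch(rf"telnet {ADDR} {ADDR} \S+", l):
            findings.append((1, f"telnet allowed: {l}"))
        # Point 2: SSH sources must be specific and on the inside interface.
        m = re.fullmatch(rf"ssh {ADDR} {ADDR} (\S+)", l)
        if m and m.group(2) == "0.0.0.0":
            findings.append((2, f"SSH open to any source: {l}"))
        if m and m.group(3) != MGMT_INTERFACE:
            findings.append((2, f"SSH allowed on {m.group(3)}: {l}"))
    # Point 1: SSH v2 only, with an explicit, short idle timeout.
    if "ssh version 2" not in lines:
        findings.append((1, "no 'ssh version 2' line"))
    t = [int(l.split()[2]) for l in lines if re.fullmatch(r"ssh timeout \d+", l)]
    if not t or t[0] > MAX_SSH_TIMEOUT_MIN:
        findings.append((1, f"ssh timeout missing or > {MAX_SSH_TIMEOUT_MIN} min"))
    # Point 3: SSH logins should authenticate against LOCAL users or AAA.
    if not any(l.startswith("aaa authentication ssh console ") for l in lines):
        findings.append((3, "no 'aaa authentication ssh console' line"))
    # Point 4: logging enabled and exported to a syslog host.
    if "logging enable" not in lines:
        findings.append((4, "logging not enabled"))
    if not any(re.fullmatch(rf"logging host \S+ {ADDR}.*", l) for l in lines):
        findings.append((4, "no syslog server ('logging host') configured"))
    return findings

if __name__ == "__main__":
    for point, msg in audit_asa_config(SAMPLE_CONFIG):
        print(f"point {point}: {msg}")
```

Point 5 (access-list and NAT review) depends on what each rule is for, so it stays a manual step.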

