I configured my ASA 5510, please find attached my network diagram for reference, and following configuration

Pleaase review my configuration and advise what should be denied and what should be permitted,

moreover please check basic security levels are working fine or not,

please made changes if required

MTL-ASA# sh run
: Saved
:
ASA Version 7.0(7)
!
hostname MTL-ASA
domain-name millat.com.pk
enable password Qxxxxxxxxxxxxxxt encrypted
names
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 192.168.74.2 255.255.255.0
!
interface Ethernet0/1
nameif DMZ
security-level 50
ip address 192.168.1.18 255.255.255.0
!
interface Ethernet0/2
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
!
interface Ethernet0/3
nameif ptcl
security-level 0
ip address 192.168.95.65 255.255.255.0
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.90.1 255.255.255.0
management-only
!
passwd NyOrA4dtiFkmSvez encrypted
ftp mode passive

dns domain-lookup DMZ

access-list outside_to_DMZ extended permit ip 192.168.74.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list outside_to_DMZ extended permit tcp any any eq 3389
access-list outside_to_DMZ extended permit ip any any
access-list outside_to_DMZ extended permit tcp any any

access-list 101 extended permit ip any any
access-list 101 extended permit tcp any any
access-list 101 extended permit icmp any any
access-list 101 extended permit tcp any any eq smtp
access-list 101 extended permit tcp any any eq pop3
access-list 101 extended permit tcp any any eq https
access-list 110 extended permit tcp any any eq https

access-list inside_access_in extended permit tcp any any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp any any eq https
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any any eq ftp
access-list inside_access_in extended permit tcp any any eq pop3
access-list inside_access_in extended permit tcp any any eq smtp

access-list DMZ_access_in extended permit tcp any any
access-list DMZ_access_in extended permit ip any any
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit tcp any any eq www
access-list DMZ_access_in extended permit tcp any any eq https
access-list DMZ_access_in extended permit tcp any any eq ftp
access-list DMZ_access_in extended permit tcp any any eq pop3
access-list DMZ_access_in extended permit tcp any any eq smtp
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu outside 1500
mtu DMZ 2500
mtu inside 1500
mtu ptcl 1500
mtu management 1500

no failover

asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400

global (outside) 1 interface
nat (outside) 1 0.0.0.0 0.0.0.0

static (DMZ,outside) 192.168.74.0 192.168.1.0 netmask 255.255.255.255

access-group outside_to_DMZ in interface outside
access-group DMZ_access_in in interface DMZ
access-group inside_access_in in interface inside

route outside 0.0.0.0 0.0.0.0 192.168.74.1 1
route inside 192.168.9.0 255.255.255.0 192.168.20.2 1
route inside 192.168.7.0 255.255.255.0 192.168.20.2 1
route inside 192.168.6.0 255.255.255.0 192.168.20.2 1
route inside 192.168.5.0 255.255.255.0 192.168.20.2 1
route inside 192.168.4.0 255.255.255.0 192.168.20.2 1
route inside 192.168.10.0 255.255.255.0 192.168.20.2 1
route inside 192.168.2.0 255.255.255.0 192.168.20.2 1
route inside 192.168.218.0 255.255.255.0 192.168.20.2 1
route inside 192.168.217.0 255.255.255.0 192.168.20.2 1

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute

username Junaid password kxxxxxxxxxxxxx0 encrypted privilege 15

http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.90.0 255.255.255.0 management

no snmp-server location
no snmp-server contact
snmp-server community Admins
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps remote-access session-threshold-exceeded

telnet 192.168.10.0 255.255.255.0 DMZ
telnet 192.168.20.0 255.255.255.0 inside
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
Cryptochecksum:b6xxxxxxxxxxxxxxxxxxxxf8
: end