Cisco Support Community

New Member

ASA 5505 Security Tips

My company is using an ASA 5505 for security. I've enabled IP Audit and IP verify reverse-path. Are there any other security tips built into the device? Or, what is the best way to secure your network with ASA 5505?

Cisco Employee

Re: ASA 5505 Security Tips

The best way to secure your network with it is to simply plug it in between the Internet and your network. By default all outbound traffic (to the Internet) will be allowed (assuming you set up NAT rules as necessary) and all inbound traffic (from the Internet) will be denied.

If you don't specifically allow any inbound traffic into your network then "ip audit" is not going to be of much use to you, and "ip verify reverse-path" will benefit the rest of the Internet community by not allowing any of your internal PCs to send out spoofed packets.

If you need to allow inbound traffic, make sure to only allow the bare minimum in, that is, specifically define the protocol, port and destination IP addresses in your access-list. Turn on protocol inspection using the "inspect ..." command if there is an inspection for the protocol in question.

Set up a syslog server and log all your level 1-4 syslog messages to it and archive them off for future reference.

Other than that, have fun and relax.
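
The following is an added example, not part of the original reply and not Cisco tooling: a small Python check that reads a saved ASA configuration and flags inbound ACL entries that do not pin protocol, port and destination, plus syslog settings that would miss level 1-4 messages. It assumes the Internet-facing interface is named `outside` and that ACL entries have no source-port operators; the finding codes and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config, not taken from the thread (RFC 5737 addresses).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit ip any any
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.11
access-list OUTSIDE_IN extended permit udp any any eq 53
access-group OUTSIDE_IN in interface outside
logging enable
logging trap errors
"""
LEVELS = "emergencies alerts critical errors warnings notifications informational debugging".split()
PORT_OPS = ("eq", "range", "gt", "lt", "neq", "object-group")

def take_address(tokens):
    """Consume 'any', 'host A' or 'A MASK'; return (spec, remaining tokens)."""
    if tokens[:1] in (["any"], ["any4"], ["any6"]):
        return "any", tokens[1:]
    if tokens[:1] == ["host"]:
        return " ".join(tokens[1:2]), tokens[2:]
    return " ".join(tokens[:2]), tokens[2:]

def audit(config):
    """Return (code, detail) findings; ACLs bound inbound on 'outside' (assumed name) are checked."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    inbound = {l.split()[1] for l in lines if re.fullmatch(r"access-group \S+ in interface outside", l)}
    for l in lines:
        t = l.split()
        if len(t) < 7 or t[0] != "access-list" or t[1] not in inbound or t[2:4] != ["extended", "permit"]:
            continue
        _src, rest = take_address(t[5:])   # source-port operators are not handled
        dst, ports = take_address(rest)
        if t[4] == "ip":
            findings.append(("ACL_ANY_PROTOCOL", l))
        elif dst == "any":
            findings.append(("ACL_ANY_DESTINATION", l))
        elif t[4] in ("tcp", "udp") and (not ports or ports[0] not in PORT_OPS):
            findings.append(("ACL_NO_PORT", l))
    if "logging enable" not in lines:
        findings.append(("LOGGING_DISABLED", "no 'logging enable'"))
    if not any(re.match(r"logging host \S+ \S+", l) for l in lines):
        findings.append(("NO_SYSLOG_HOST", "no 'logging host <interface> <ip>'"))
    trap = next((l.split()[2] for l in lines if re.match(r"logging trap \S+", l)), None)
    level = int(trap) if trap and trap.isdigit() else LEVELS.index(trap) if trap in LEVELS else -1
    if level < 4:  # the reply asks for levels 1-4, i.e. 'warnings' or more verbose
        findings.append(("TRAP_BELOW_WARNINGS", f"logging trap {trap}"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the three loose ACL entries, the missing syslog host and the trap level that stops at `errors`.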