My company is using an ASA 5505 for security. I've enabled IP Audit and IP verify reverse-path. Are there any other security tips built into the device? Or, what is the best way to secure your network with an ASA 5505?
The best way to secure your network with it is to simply plug it in between the Internet and your network. By default all outbound traffic (to the Internet) will be allowed (assuming you set up NAT rules as necessary) and all inbound traffic (from the Internet) will be denied.
If you don't specifically allow any inbound traffic into your network then "ip audit" is not going to be of much use to you, and "ip verify reverse-path" will benefit the rest of the Internet community by not allowing any of your internal PCs to send out spoofed packets.
If you need to allow inbound traffic, make sure to only allow the bare minimum in; that is, specifically define the protocol, port and destination IP addresses in your access-list. Turn on protocol inspection using the "inspect ..." command if there is an inspection for the protocol in question.
Set up a syslog server and log all your level 1-4 syslog messages to it and archive them off for future reference.
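
The advice in the answer above, sketched as an ASA configuration fragment; this is an added example, not configuration posted by anyone in the thread. It assumes the 5505's default `inside`/`outside` interface names and the default `global_policy` policy map; the ACL name `OUTSIDE_IN`, the SMTP service and both addresses are constructed placeholders. Whether the ACL destination is the mapped (public) or the real address depends on the software version: 8.3 and later match on the real address.

```cisco
! Constructed example: ACL name, service and addresses are placeholders.
!
! Too broad: any protocol and any port, to every host behind the firewall.
! access-list OUTSIDE_IN extended permit ip any any
!
! Bare minimum: one protocol, one destination host, one port.
! Everything else inbound is still dropped by the implicit deny at the end.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq smtp
access-group OUTSIDE_IN in interface outside
!
! SMTP has an inspection engine (esmtp), so turn it on for the allowed traffic.
policy-map global_policy
 class inspection_default
  inspect esmtp
!
! Send severity 4 (warnings) and more severe messages to a syslog server.
logging enable
logging timestamp
logging trap warnings
logging host inside 10.0.0.50
```

`show access-list OUTSIDE_IN` displays per-entry hit counts, which helps confirm that the permit line matches only the traffic it was written for.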