
ASA Card

Hi,

I have got a 6 Mbps internet connection link. I want to secure my internet from every perspective. What should I keep? Will the ASA 5510 be sufficient for me? Which card should I install to get the maximum security level? Is the AIP service module sufficient for me?

Thanks in advance for your kind support.

- Mero


Accepted Solutions

ASA Card

Hello,

I would say the ASA is a really great security box, but I would suggest buying an AIP-SSM security card for any threat that could be triggered by one of its signatures.

Remember that Cisco recommends defense-in-depth, which is based on different layers of security. That being said, the AIP-SSM with the ASA will provide a great layer of security to your network.

Regards,

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Re: ASA Card

Hi

First of all, a 6Mb link does not tell us everything needed to make an assessment of what is sufficient for you.

6Mbit with 1 million users? With 200 servers and so on? That gives us many unknowns.

However, that said:

A 6Mb link normally would not be a problem for a 5505, and there is one model that you can set up with an SSM card.

BUT there is a wildcard in the deck: in your case, the new ASA 5512-X or 5515-X. You can order them, but I have yet to know if they are being shipped. They are very interesting since they will become the "new" ASA, and the old ones (incl. 5510) will most likely be EOS (End Of Sales) not far from now.

I totally agree on layer on layer of security.

The best thing you can do is to build your security like an onion: layer upon layer upon layer.

If you are serious about security, then you should also make sure you log things and so on.

The most important part of security, of any type, is knowledge.

Understand your equipment,

understand your enemy (flood, fire, blackouts, thieves, hackers and so on)

and most of all understand your own limitations: what you can and what you cannot do.

If you are mentally prepared for an event and have a rudimentary plan on how to deal with it,

you are ahead of 80% of the competition.

In this game, knowledge and imagination are everything. If you can imagine it, someone somewhere will eventually do it.

The problem lies in that the whole organisation has to be aware and understand the importance of security.

That is one big rock to roll.

One key aspect of knowledge is that you need to understand that you can never stop an APT (Advanced Persistent Threat). Simply put, you do not have the resources to do so, and if you did, we would not have this discussion.

So if you cannot stop an APT, then what can you do? Well, it is always the lowest-hanging fruit that gets picked.

In the real world, if a burglar sees a sign that states that there is an alarm, or hears a dog and so on, and if there is nothing very special they are after in your house, the burglar will go to the next house and burgle that house instead.

It's just easier and less risk involved to do that.

Good luck

HTH
