Cisco Support Community

ASA Firewall Hardening

Does anyone have any good resources or articles on hardening an ASA?

General stuff will do and I will make it more specific as I go.

Thanks.

2 REPLIES

Re: ASA Firewall Hardening

Hi,

Here are a few I can think of now:

1. Remove telnet access, use only SSH (preferably v2 and with SSH timeout set)

2. Allow only specific users/nw to SSH to the ASA box and preferably only from the Inside interface.

3. Create local users on the ASA with different privileges or using an AAA server.

4. Logging should be enabled and also set a syslog server IP where the logs can be exported.

5. Review the access-lists and the NAT configuration, remove the unwanted ones.
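Items 1 to 4 of the list above can be checked mechanically against a saved running configuration. The sketch below is an added example, not part of the original reply: the sample configuration lines are constructed, and the interface name `inside`, the 10-minute timeout limit, the finding labels and the function name `audit_asa_config` are assumptions chosen for illustration.

```python
import re

# Constructed sample running-config lines (not taken from the thread).
WEAK_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 10.1.1.0 255.255.255.0 inside
ssh timeout 60
username admin password XXXXXXXX encrypted privilege 15
logging enable
"""

SSH_PERMIT = re.compile(r"ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")

def audit_asa_config(config, mgmt_if="inside", max_ssh_timeout=10):
    """Return findings for checklist items 1-4 (item 5 needs human review)."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # Item 1: any "telnet <ip> <mask> <if>" line means Telnet management is permitted.
    if any(re.match(r"telnet \d", ln) for ln in lines):
        findings.append("telnet-enabled")
    # Assumes a release whose configuration carries an explicit "ssh version 2" line.
    if "ssh version 2" not in lines:
        findings.append("ssh-v2-not-enforced")
    for ln in lines:
        m = re.match(r"ssh timeout (\d+)$", ln)
        if m and int(m.group(1)) > max_ssh_timeout:
            findings.append("ssh-timeout-too-long")
        # Item 2: SSH permit lines must name specific sources on the management interface.
        p = SSH_PERMIT.match(ln)
        if p and (p.group(2) == "0.0.0.0" or p.group(3) != mgmt_if):
            findings.append("ssh-permit-too-broad: " + ln)
    # Item 3: SSH logins should be tied to LOCAL users or an AAA server group.
    if not any(ln.startswith("aaa authentication ssh console ") for ln in lines):
        findings.append("ssh-not-using-aaa")
    # Item 4: logging switched on, plus at least one "logging host <if> <ip>" line.
    if "logging enable" not in lines:
        findings.append("logging-disabled")
    if not any(ln.startswith("logging host ") for ln in lines):
        findings.append("no-syslog-host")
    return findings

if __name__ == "__main__":
    for finding in audit_asa_config(WEAK_CONFIG):
        print(finding)
```

Item 5 (reviewing access-lists and NAT for unwanted entries) depends on what the network is meant to allow, so it is left to manual review.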

Re: ASA Firewall Hardening

Michael,

Here is a pretty good article on firewalling best practices in general, just wait a few seconds for the article to load.

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci838230,00.html

Rgds

-Jorge
