Firewalling for Noobs

Scott Hanson · ‎03-19-2014

Hello all,

about to go through a penetration test and was wondering if there was a checklist of things to do to tighten down an ASA as much as possible. Something like 1) turn off this service 2) Set this to that. etc. I know every environment is different but I am looking for a general guidline.

Thanks in advance. Replies rated.

James Leinweber · ‎03-19-2014

The Center for Internet Security has some benchmarks you can download from http://cisecurity.org/, including three for different Cisco firewall scenarios. One of them should fit your case fairly well, and be helpful.

The first 5 things to do are turn off telnet access in favor of SSHv2 and TLS, turn on NTP, crank up the crypto past the Cisco export defaults, limit what IP addresses can reach the management interface, and turn on remote sysloging.

-- Jim Leinweber, WI State Lab of Hygiene

Marvin Rhoads · ‎03-19-2014

Good pointers Jim.

I would also add - when turning on remote syslog for firewalls tune the logging level down to 4 or so and HAVE SOMEONE REVIEW AND ACT ONTHE LOG EVENTS. (Yes, I was shouting - Target had great security system (FireEye) in place but failed to act on the warning indicators it was giving them.)