03-19-2014 09:40 AM - edited 03-11-2019 08:58 PM
Hello all,
About to go through a penetration test and was wondering if there was a checklist of things to do to tighten down an ASA as much as possible. Something like 1) turn off this service, 2) set this to that, etc. I know every environment is different, but I am looking for a general guideline.
Thanks in advance. Replies rated.
03-19-2014 12:07 PM
The Center for Internet Security has some benchmarks you can download from http://cisecurity.org/, including three for different Cisco firewall scenarios. One of them should fit your case fairly well, and be helpful.
The first 5 things to do are turn off telnet access in favor of SSHv2 and TLS, turn on NTP, crank up the crypto past the Cisco export defaults, limit what IP addresses can reach the management interface, and turn on remote syslogging.
-- Jim Leinweber, WI State Lab of Hygiene
03-19-2014 12:45 PM
Good pointers Jim.
I would also add - when turning on remote syslog for firewalls, tune the logging level down to 4 or so and HAVE SOMEONE REVIEW AND ACT ON THE LOG EVENTS. (Yes, I was shouting - Target had a great security system (FireEye) in place but failed to act on the warning indicators it was giving them.)
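The checklist items named in the replies above can be checked mechanically against a saved running-config. The following is an added example, not part of any reply in this thread: the function name `audit`, both sample configs and the cipher list are constructed assumptions, and the command syntax assumed is that of 2014-era ASA software.

```python
import re

LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
RANK = {k: i for i, name in enumerate(LEVELS) for k in (name, str(i))}
WEAK_SSL = {"des-sha1", "rc4-md5", "rc4-sha1", "null-sha1"}

# Constructed running-config excerpts (not from the thread), 2014-era ASA syntax.
WEAK = """telnet 10.1.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
http 10.1.1.0 255.255.255.0 management
ssl encryption rc4-sha1 aes128-sha1 3des-sha1
logging enable
logging trap debugging"""
HARDENED = """telnet timeout 5
ssh 10.1.1.0 255.255.255.0 management
ssh version 2
http 10.1.1.0 255.255.255.0 management
ssl encryption aes256-sha1 aes128-sha1
ntp server 10.1.1.5 source management
logging enable
logging trap warnings
logging host management 10.1.1.20"""

def audit(config):
    """Return sorted findings for the checklist items named in the replies."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    out = set()
    # "telnet timeout" appears in default configs and does not grant access.
    if any(l.startswith("telnet ") and not l.startswith("telnet timeout") for l in lines):
        out.add("telnet management access enabled")
    if "ssh version 2" not in lines:
        out.add("ssh not restricted to version 2")
    if not any(l.startswith("ntp server ") for l in lines):
        out.add("no ntp server configured")
    if "logging enable" not in lines or not any(l.startswith("logging host ") for l in lines):
        out.add("remote syslog not configured")
    for l in lines:
        m = re.match(r"(ssh|http|telnet) 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", l)
        if m:
            out.add(f"{m.group(1)} reachable from any address on {m.group(2)}")
        if l.startswith("ssl encryption ") and WEAK_SSL & set(l.split()[2:]):
            out.add("weak cipher in ssl encryption list")
        m = re.match(r"logging trap (\S+)$", l)
        if m and RANK.get(m.group(1), 0) > 4:
            out.add(f"logging trap level {RANK[m.group(1)]} is above 4")
    return sorted(out)

print(audit(WEAK))
```

A clean result only means these specific lines are present; it does not replace working through the full CIS benchmark mentioned above.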