Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
1
Replies

ASA 5505 Security Tips

allen.malanda_2
Level 1
Level 1

‎01-09-2008 07:41 AM - edited ‎03-11-2019 04:45 AM

My company is using an ASA 5505 for security. I've enable IP Audit and IP verify reverse-path. Are there any other securities tips build in the device? Or, what is the best way to secure your network with ASA 5505

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎01-09-2008 08:30 PM

The best way to secure your network with it is to simply plug it in between the Internet and your network. By default all outbound traffic (to the Internet) will be allowed (assuming you set up NAT rules as necessary) and all inbound traffic (from the Internet) will be denied.

If you don't specifically allow any inbound traffic into your network then "ip audit" is not going to be of much use to you, and "ip verify reverse-path" will benefit the rest of the Internet community by not allowing any of your internal PC's to send out spoofed packets.

If you need to allow inbound traffic make sure to only allow the bare minimum in, that is specifically define the protocol, port and destination IP addresses in your access-list. Turn on protocol inspection using the "inspect ..." command if there is an inspection for the protocol in question.

Set up a syslog server and log all your level 1-4 syslog messages to it and archive them off for future reference.

Other than that, have fun and relax.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card