Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
692
Views
0
Helpful
2
Replies

ASA Card

Go to solution
Mero Cisco
Level 1
Level 1

‎05-21-2012 05:26 AM - edited ‎03-11-2019 04:09 PM

Hi,

I have got a link of 6 Mbps internet connection. I want to secure my internet from every prospective. What should I keep, will the ASA 5510 sufficient for me. Which card should I install to get the maximum security levcel. Is AIP service module sufficient for me.

Thanks in advance for your kind support.

- Mero

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-21-2012 03:38 PM

Hello,

I would say the ASA its a really great security box but I would suggest to buy an AIP-SSM security card for any treath that could be triggered by one of its signatures.

Remember that cisco recommends the defense-in-depth witch is based on different layers of security.. That being said the AIP-SSM with the ASA will provide a great layer of security to your network.

Regards,

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful

Go to solution
hobbe
Level 7
Level 7

‎05-22-2012 12:46 AM

Hi

First of all a 6Mb link does not tell us everything needed to make an assessment of what is sufficient for you.

6Mbit with 1 million users ? with 200 servers and so on gives us many unknowns.

However that said.

A 6Mb link normally would not be a problem for a 5505 and there is one model where you can setup with a ssm card.

BUT there is a wildcard in the deck, in your case the new asa5512-x or 5515-x. Since you can order it, but i have yet to know if they are beeing shipped they are very interesting since they will become the "new" asa and the old ones (incl 5510) will most likely be EOS (End Of Sales) not far from now.

I totally agree on layer on layer of security, 

the best thing you can do is to build your security like an union. layer upon layer upon layer.

if you are serious about security then you should also make sure you log things and so on.

The most important part of security, of any type, is knowledge.

Understand your equipment,

understand your enemy (flood, fire, blackouts, thiefs, hackers and so on) 

and most of all understand your own limitations. what you can and what you can not do.

If you are mentally prepared for an event and have a rudamentary plan on how to deal with it,

you are ahead of 80% of the competition.

In this game knowledge and imagination is everything. if you can imagine it, someone somewhere will eventually do it.

The problem lies in that the whole organisation has to be aware and understand the importance of security.

That is one big rock to roll.

One key aspect of knowledge is that you need to understand that you can never stop a APT (Advanced Persistent Threat) simply put you do not have the resources to do so, and if you did, we would not have this discussion.

so if you can not stop an APT then what can you do ? well it is always the lowest hanging fruit that gets picked.

in the real world, if a burgler sees a sign that states that there is an alarm or hears a dog and so on,  if there is nothing very special they are after in your house the burgler will go to the next house and burgler that house instead.

its just easier and less risk involved to do that.

Good luck

HTH

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎05-21-2012 03:38 PM

Hello,

I would say the ASA its a really great security box but I would suggest to buy an AIP-SSM security card for any treath that could be triggered by one of its signatures.

Remember that cisco recommends the defense-in-depth witch is based on different layers of security.. That being said the AIP-SSM with the ASA will provide a great layer of security to your network.

Regards,

Do rate all the helpful posts

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
hobbe
Level 7
Level 7

‎05-22-2012 12:46 AM

Hi

First of all a 6Mb link does not tell us everything needed to make an assessment of what is sufficient for you.

6Mbit with 1 million users ? with 200 servers and so on gives us many unknowns.

However that said.

A 6Mb link normally would not be a problem for a 5505 and there is one model where you can setup with a ssm card.

BUT there is a wildcard in the deck, in your case the new asa5512-x or 5515-x. Since you can order it, but i have yet to know if they are beeing shipped they are very interesting since they will become the "new" asa and the old ones (incl 5510) will most likely be EOS (End Of Sales) not far from now.

I totally agree on layer on layer of security, 

the best thing you can do is to build your security like an union. layer upon layer upon layer.

if you are serious about security then you should also make sure you log things and so on.

The most important part of security, of any type, is knowledge.

Understand your equipment,

understand your enemy (flood, fire, blackouts, thiefs, hackers and so on) 

and most of all understand your own limitations. what you can and what you can not do.

If you are mentally prepared for an event and have a rudamentary plan on how to deal with it,

you are ahead of 80% of the competition.

In this game knowledge and imagination is everything. if you can imagine it, someone somewhere will eventually do it.

The problem lies in that the whole organisation has to be aware and understand the importance of security.

That is one big rock to roll.

One key aspect of knowledge is that you need to understand that you can never stop a APT (Advanced Persistent Threat) simply put you do not have the resources to do so, and if you did, we would not have this discussion.

so if you can not stop an APT then what can you do ? well it is always the lowest hanging fruit that gets picked.

in the real world, if a burgler sees a sign that states that there is an alarm or hears a dog and so on,  if there is nothing very special they are after in your house the burgler will go to the next house and burgler that house instead.

its just easier and less risk involved to do that.

Good luck

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card