I was informed by our security auditors that the http service on my asa outside interface is providing type details and is recommended to configure it to not disclose such detail. Not exactly sure what this means and the risk of having this on, but I'm in need of some assistance on accomplishing this task. Would someone shed some lights on this please using cli on IOS 7.2?
I'm not sure if this is what they mean but perhaps you have configured the following configuration on the ASA CLI
"http 0.0.0.0 0.0.0.0 outside" (Provided your ASA interface facing Internet is named "outside")
This would atleast make it possible for anyone to reach your ASDM launch/install page I suppose on the ASA. The one you yourself have probably used at some point when installing ASDM on your computer.
Personally majority of the ASAs that I configure arent reachable with ASDM from any network on the outside network. And also I dont use ASDM for anything else then monitoring and perhaps some VPN configurations.
Here is an example of the Web page I get if I just connect to the ASA from LAN with Web browser
It shows the ASDM version on the ASA
It doesnt exactly tell the version of ASA you are using but it does give you some information with which a person will know if you are using a PIX or ASA (maybe FWSM also, I really havent tested) and can get some idea what your actual ASA software level is.
We’re excited to announce new capabilities with Secure Endpoint that allow you to simplify your security and maximize your security operations: Unify your security stack and reduce agent fatigue with Cisco Secure Client; harness integrated risk-based vuln...
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/CiscoChampion
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of di...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...