11-29-2012 10:48 AM - edited 03-11-2019 05:30 PM
Hello,
I was informed by our security auditors that the HTTP service on my ASA outside interface is providing type details, and it is recommended to configure it to not disclose such detail. I'm not exactly sure what this means or what the risk of having this on is, but I'm in need of some assistance with accomplishing this task. Would someone shed some light on this please, using the CLI on IOS 7.2?
Many thanks in advance.
11-29-2012 01:08 PM
Hi,
I'm not sure if this is what they mean, but perhaps you have configured the following on the ASA CLI:
"http 0.0.0.0 0.0.0.0 outside" (Provided your ASA interface facing Internet is named "outside")
This would at least make it possible for anyone to reach your ASDM launch/install page on the ASA, I suppose. The one you yourself have probably used at some point when installing ASDM on your computer.
Personally, the majority of the ASAs that I configure aren't reachable with ASDM from any network on the outside network. Also, I don't use ASDM for anything other than monitoring and perhaps some VPN configurations.
- Jouni
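
An added example, not part of the original posts: a small Python check over a saved running-config that flags `http` management-access statements like the one quoted in the reply above. The function name `audit_http_access`, the sample config, the interface name list and the `/24` threshold are assumptions made for illustration.

```python
import ipaddress
import re

# ASA management-access statement: http <address> <netmask> <interface-name>
HTTP_ACL = re.compile(
    r"^http\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$"
)

def audit_http_access(config_text, untrusted=("outside",), min_prefix=24):
    """Return (line_no, line, reason) for http statements that expose
    the ASDM/HTTPS management page to overly broad source ranges."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        match = HTTP_ACL.match(line)
        if not match:
            continue  # skips "http server enable" and unrelated lines
        addr, mask, ifname = match.groups()
        try:
            # The ASA uses a netmask here, which ip_network accepts directly.
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:
            findings.append((line_no, line, "unparseable address or mask"))
            continue
        if net.prefixlen == 0:
            findings.append((line_no, line, f"any source allowed on '{ifname}'"))
        elif ifname in untrusted and net.prefixlen < min_prefix:
            findings.append(
                (line_no, line, f"/{net.prefixlen} source range on '{ifname}'")
            )
    return findings

# Constructed sample config, not taken from a real device.
SAMPLE_CONFIG = """\
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
http 10.0.0.0 255.0.0.0 outside
"""

if __name__ == "__main__":
    for line_no, line, reason in audit_http_access(SAMPLE_CONFIG):
        print(f"line {line_no}: {line}  -> {reason}")
```
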
11-29-2012 01:39 PM
Here is an example of the Web page I get if I just connect to the ASA from the LAN with a Web browser.
It shows the ASDM version on the ASA.
It doesn't exactly tell the version of ASA you are using, but it does give you some information with which a person will know if you are using a PIX or ASA (maybe FWSM also, I really haven't tested) and can get some idea what your actual ASA software level is.
- Jouni
11-29-2012 01:52 PM
Let me see if I can get some additional information from them and will post back.
11-30-2012 01:50 PM
The service type they referred to is the Cisco Systems WebVPN Service type description that appears on the VPN clientless logon web portal. See screenshot for reference.