Hi all,

     I need your help in the next: One customer report to me vulnerabilities in the his Cisco ASA and Cisco 2811 and the vulnerabilities is this.

     1- OS Identification (Router). Synopsis: It is possible to guess the remote operating system. Description: Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc...) it is possible to guess the name of the remote operating system use, and sometimes its version

     2- Device Type (Router). Synopsis: It is possible to guess the remote device type. Description: Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, etc).

     3-Common Platform Enumeration (Router). Synopsis: It is possible to enumerate CPE names that matches on the remote system. Description: By using information obteined from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. See also: http://cpe.mitre.org/

     4- SSL Medium Streght Cipher Suites Supported (Router & ASA). Synopsis: The remote service supports the use of medium strenght SSL ciphers. Description: The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

The Router is connected with isp for internet service only, and the ASA give vpn service, dmz service, policies, and be connected directly with the router by outside interface. The router IOS is c2800nm-advipservicesk9-mz.124-25f.bin, and ASA version 8.2 (5).

So my question is, how I can mitigate this vulnerabilities.? Is possible do it.? What you recommend me.?

Thanks so much for read me,