10-05-2011 04:07 AM
Hello Guys,
I am using ASA 8.2( 1) with sslclient-win-1.1.0.154 for 100+ users from a very long time, However i would like to use the the latest SSL client
or any connect client for Windows XP.
I would like know the secuirty point of vulnarabilities ( cleint being hacked/ encryption issue) while using on sslclient-win-1.1.0.154.
Can any one share me security release notes showing secuirty point of vulnarabilities while using this client.
Second query , I am using ASA with 8.2( 1) and would like to upgrade as per the below memory avaiblle and unfortunately we can not upgrade to 8.3
Can any please tell me what is best fit IOS for this available memory.
Internet-ASA# sh version | include RAM
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Third Query - Can you please advise for the below requirement.
1) One ASA 5520 FW is being used for Remote access VPN and i want to set the baseline securty ACL parameters to prevent from hacker any other vulnarabilities
2)One ASA 5520 FW is being used for Internet Firewall and i want to set the baseline securty ACL parameters to prevent from hacker any other vulnarabilities
Appreciate all your posts !
Regards,
KA.
10-08-2011 11:54 PM
Hello,
Appreciate if somebody help on this.
Regards,
KA.
10-09-2011 12:27 AM
Hi KA,
1)
EOL notice:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5699/ps10884/end_of_life_c51-680820.html
For any vulnarability:
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
2) You can run anything up to 8.2.x (and before). 8.2.5 is the latest.
3) ACLs are used for policy enforcement, there is no "basline" as all setups are different.
If you think ACLs will stop hackers and vulnarabilities I would suggest checking how many attacks are happening in network layer and how many at application.
You can set ACLs to whatever makes sense to you, being more strict with ACLs will make sense if you want to avoid unused services being EXPOSED to threats. You need to remember that ASA is a stateful device that is based around domains of trust... You can for sure find "best practices" around the internet for your ACLs, just be aware that they might not 100% suit your needs.
HTH,
Marcin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide