Cisco ASA 5550 Adaptive Security Appliance Technical Manual

In order to gain knowledge about existing, emerging, and historic events related to security incidents, your organization must have a unified
strategy for event logging and correlation. This strategy must leverage logging from all network devices and use pre-packaged and customizable
correlation capabilities.
After centralized logging is implemented, you must develop a structured approach to log analysis and incident tracking. Based on the needs of
your organization, this approach can range from a simple diligent review of log data to advanced rule-based analysis.
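The "advanced rule-based analysis" mentioned above can be illustrated with a small correlation rule. The following is an added example, not code from Cisco or from this guide: it parses constructed syslog lines written in the shape of ASA login events (the 605004 "Login denied" / 605005 "Login permitted" messages; the exact text an appliance emits may differ, and only the fields the regex names are used) and raises an alert when one source accumulates several denials inside a short window, with a higher severity if a permitted login from the same source follows the burst. The threshold, window and severity labels are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not captured from a real appliance).
SAMPLE_LOG = """\
Mar 10 2024 09:14:02 fw1 %ASA-6-605004: Login denied from 203.0.113.7/51012 to outside:198.51.100.1/ssh for user "admin"
Mar 10 2024 09:14:09 fw1 %ASA-6-605004: Login denied from 203.0.113.7/51018 to outside:198.51.100.1/ssh for user "admin"
Mar 10 2024 09:14:15 fw1 %ASA-6-605004: Login denied from 203.0.113.7/51025 to outside:198.51.100.1/ssh for user "root"
Mar 10 2024 09:14:40 fw1 %ASA-6-605005: Login permitted from 203.0.113.7/51031 to outside:198.51.100.1/ssh for user "admin"
Mar 10 2024 09:20:01 fw1 %ASA-6-605004: Login denied from 192.0.2.44/40011 to inside:10.0.0.1/ssh for user "ops"
Mar 10 2024 09:41:00 fw1 %ASA-6-605005: Login permitted from 192.0.2.44/40020 to inside:10.0.0.1/ssh for user "ops"
"""

# Fields parsed: timestamp, host, message id, result, source IP, destination, user.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"%ASA-\d-(?P<msgid>\d{6}): Login (?P<result>denied|permitted) from "
    r"(?P<src>[\d.]+)/\d+ to (?P<dst>\S+) for user \"(?P<user>[^\"]*)\""
)


def parse(text):
    """Turn raw syslog text into a list of login-event dicts; other messages are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%b %d %Y %H:%M:%S")
        events.append(d)
    return events


def correlate(events, threshold=3, window=timedelta(seconds=120)):
    """Rule: `threshold` denials from one source inside `window` -> medium alert;
    if a permitted login from that source follows within `window` -> high alert.
    Threshold and window values are assumptions chosen for this example."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        denials = [e for e in evs if e["result"] == "denied"]
        for i in range(len(denials) - threshold + 1):
            burst = denials[i:i + threshold]
            if burst[-1]["ts"] - burst[0]["ts"] > window:
                continue
            last_ts = burst[-1]["ts"]
            success = next(
                (e for e in evs
                 if e["result"] == "permitted"
                 and last_ts < e["ts"] <= last_ts + window),
                None,
            )
            alerts.append({
                "src": src,
                "users": sorted({e["user"] for e in burst}),
                "severity": "high" if success else "medium",
                "note": ("burst of failed logins followed by a successful login"
                         if success else "burst of failed logins"),
            })
            break  # one alert per source is enough for a review queue
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOG)):
        print(alert)
```

With the sample above, the source 203.0.113.7 produces one high-severity alert (three denials in 13 seconds, then a permitted login 25 seconds later), while 192.0.2.44 produces none because a single denial followed much later by a normal login does not satisfy the rule. A real deployment would run the same logic over the centralized syslog feed rather than an embedded string.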
Use Secure Protocols When Possible
Many protocols are used in order to carry sensitive network management data. You must use secure protocols whenever possible. A secure
protocol choice includes the use of SSH instead of Telnet so that both authentication data and management information are encrypted. In
addition, you must use secure file transfer protocols when you copy configuration data. An example is the use of the Secure Copy Protocol (SCP)
in place of FTP or TFTP.
Gain Traffic Visibility with NetFlow
NetFlow enables you to monitor traffic flows in the network. Originally intended to export traffic information to network management
applications, NetFlow can also be used in order to show flow information on a router. This capability allows you to see what traffic traverses the
network in real time. Regardless of whether flow information is exported to a remote collector, you are advised to configure network devices for
NetFlow so that it can be used reactively if needed.
Configuration Management
Configuration management is a process by which configuration changes are proposed, reviewed, approved, and deployed. Within the context of a
Cisco ASA device configuration, two additional aspects of configuration management are critical: configuration archival and security.
You can use configuration archives to roll back changes that are made to network devices. In a security context, configuration archives can also
be used in order to determine which security changes were made and when these changes occurred. In conjunction with AAA log data, this
information can assist in the security auditing of network devices.
The configuration of a Cisco ASA device contains many sensitive details. Usernames, passwords, and the contents of access control lists are
examples of this type of information. The repository that you use in order to archive Cisco ASA device configurations needs to be secured.
Insecure access to this information can undermine the security of the entire network.
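The two archival uses described above, rolling back and determining which security changes were made and when, can be shown with a small archive-comparison tool. This is an added example, not Cisco's code: it diffs two constructed, abridged snapshots of a running configuration, attributes each added line to a constructed AAA command-accounting record written in the style of the ASA 111008 "User executed command" message (format assumed; adapt the regex to the accounting source actually in use), and redacts secret material so a snapshot can be shared outside the secured archive. The list of secret-bearing keywords is an assumption and is not exhaustive.

```python
import difflib
import re

# Two constructed, abridged archive snapshots of the same firewall, two hours apart.
SNAPSHOT_0900 = """\
hostname fw1
enable password 5rRjZ7dG9CkqP2hL encrypted
username alice password x3J8QkLmN0pRsTuV encrypted privilege 15
ssh 10.0.0.0 255.255.255.0 inside
ssh version 2
logging enable
logging host inside 10.0.0.50
"""
SNAPSHOT_1100 = """\
hostname fw1
enable password 5rRjZ7dG9CkqP2hL encrypted
username alice password x3J8QkLmN0pRsTuV encrypted privilege 15
ssh 10.0.0.0 255.255.255.0 inside
ssh 203.0.113.0 255.255.255.0 outside
ssh version 2
telnet 10.0.0.0 255.255.255.0 inside
logging enable
logging host inside 10.0.0.50
"""

# Constructed AAA / syslog command-accounting lines (111008-style; not captured output).
AAA_LOG = """\
Mar 10 2024 10:12:31 fw1 %ASA-5-111008: User 'alice' executed the 'ssh 203.0.113.0 255.255.255.0 outside' command.
Mar 10 2024 10:12:35 fw1 %ASA-5-111008: User 'alice' executed the 'write memory' command.
Mar 10 2024 10:47:02 fw1 %ASA-5-111008: User 'bob' executed the 'telnet 10.0.0.0 255.255.255.0 inside' command.
"""

EXEC_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ %ASA-\d-111008: "
    r"User '(?P<user>[^']*)' executed the '(?P<cmd>[^']*)' command\.$"
)

# Lines whose next token is a secret or a password hash (hashes are crack targets too).
SECRET_RE = re.compile(
    r"^(?P<prefix>(?:enable password|username \S+ password|"
    r"snmp-server community|ikev1 pre-shared-key) )(?P<secret>\S+)(?P<rest>.*)$"
)


def config_changes(old, new):
    """Return (added, removed) configuration lines between two archived snapshots."""
    added, removed = [], []
    for line in difflib.unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0):
        if line.startswith(("+++", "---", "@@")):
            continue
        if line.startswith("+"):
            added.append(line[1:])
        elif line.startswith("-"):
            removed.append(line[1:])
    return added, removed


def attribute(changes, aaa_log):
    """Map each changed line to (user, timestamp) from command accounting.
    A change with no matching record is marked 'unattributed'; such a change
    was made outside an accounted session and deserves its own investigation."""
    records = {}
    for line in aaa_log.splitlines():
        m = EXEC_RE.match(line)
        if m:
            records[m["cmd"]] = (m["user"], m["ts"])
    return {c: records.get(c, ("unattributed", None)) for c in changes}


def redact(config):
    """Mask secret material before a snapshot leaves the secured archive."""
    out = []
    for line in config.splitlines():
        m = SECRET_RE.match(line)
        out.append(f"{m['prefix']}<redacted>{m['rest']}" if m else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    added, removed = config_changes(SNAPSHOT_0900, SNAPSHOT_1100)
    for line, (user, ts) in attribute(added, AAA_LOG).items():
        print(f"+ {line!r} by {user} at {ts}")
    for line in removed:
        print(f"- {line!r}")
```

On the sample data the report shows that alice opened SSH from the outside network at 10:12 and bob enabled Telnet at 10:47, which is exactly the kind of change the guide's "Use Secure Protocols When Possible" section warns against. Rolling back is then a matter of restoring the 09:00 snapshot; the redacted form is what you would attach to the change ticket.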
Management Plane
The management plane consists of functions that achieve the management goals of the network. This includes interactive management sessions
that use SSH, as well as statistics-gathering with SNMP or NetFlow. When you consider the security of a network device, it is critical that the
management plane be protected. If a security incident is able to undermine the functions of the management plane, it can be impossible for you to
recover or stabilize the network.
Hardening Management Plane
The management plane is used in order to access, configure, and manage a device, as well as monitor its operations and the network on which it
is deployed. The management plane is the plane that receives and sends the traffic these functions generate. The management plane uses these
protocols:
Simple Network Management Protocol
Secure Shell Protocol
File Transfer Protocol
Trivial File Transfer Protocol
Secure Copy Protocol
TACACS+
RADIUS
NetFlow
Network Time Protocol
Syslog
ICMP
SMB
Note: Enabling Telnet is not recommended because it transmits data in plain text.
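The protocol list above, together with the earlier advice to prefer SSH and SCP over Telnet, FTP and TFTP and to configure NetFlow, lends itself to an automated configuration check. The following is an added example, not Cisco's code or tooling: it runs a set of presence/absence checks over a constructed, abridged running configuration and over a constructed hardened version of the same configuration. The check names, descriptions and the hardened SNMPv3 lines are assumptions for the example; ASA command syntax varies by release, so confirm each line against the command reference for the release in use before applying it.

```python
import re

# Constructed, abridged running-config with several management-plane weaknesses.
SAMPLE_CONFIG = """\
hostname fw1
telnet 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 inside
ssh version 2
snmp-server host inside 10.0.0.60 community public version 2c
snmp-server community public
logging enable
logging trap informational
logging host inside 10.0.0.50
flow-export destination inside 10.0.0.61 2055
"""

# Constructed hardened counterpart (passphrases are placeholders, not real values).
HARDENED_CONFIG = """\
hostname fw1
ssh 10.0.0.0 255.255.255.0 inside
ssh version 2
ssh scopy enable
snmp-server group MGMT v3 priv
snmp-server user monitor MGMT v3 auth sha <auth-pass> priv aes 128 <priv-pass>
snmp-server host inside 10.0.0.60 version 3 monitor
logging enable
logging trap informational
logging host inside 10.0.0.50
flow-export destination inside 10.0.0.61 2055
ntp server 10.0.0.70
"""

# Each check: (id, description, pattern, present).
# present=True  -> a match IS the finding (an insecure setting is configured).
# present=False -> absence of a match is the finding (a required setting is missing).
CHECKS = [
    ("telnet-enabled",
     "Telnet management access configured (plain text); remove it and use SSH",
     re.compile(r"^telnet \d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+ \S+$", re.M), True),
    ("ssh-not-v2",
     "SSH not pinned to version 2 ('ssh version 2' missing)",
     re.compile(r"^ssh version 2$", re.M), False),
    ("scp-disabled",
     "SCP server not enabled ('ssh scopy enable' missing); config copies fall back to FTP/TFTP",
     re.compile(r"^ssh scopy enable$", re.M), False),
    ("snmp-community",
     "SNMPv1/v2c community string configured; prefer SNMPv3 users with auth and priv",
     re.compile(r"^snmp-server community \S+", re.M), True),
    ("no-syslog-host",
     "No remote syslog host ('logging host ...' missing); events are not centralized",
     re.compile(r"^logging host \S+ \S+", re.M), False),
    ("no-netflow",
     "No NetFlow export destination ('flow-export destination ...' missing)",
     re.compile(r"^flow-export destination \S+ \S+ \d+", re.M), False),
    ("no-ntp",
     "No NTP server configured; log timestamps cannot be trusted for correlation",
     re.compile(r"^ntp server \S+", re.M), False),
]


def audit(config):
    """Return [(id, description), ...] for every check that fails on `config`."""
    findings = []
    for fid, desc, pattern, present in CHECKS:
        matched = pattern.search(config) is not None
        if matched == present:
            findings.append((fid, desc))
    return findings


def finding_ids(config):
    """Convenience view of audit() that returns only the check ids, in CHECKS order."""
    return [fid for fid, _ in audit(config)]


if __name__ == "__main__":
    for label, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for fid, desc in audit(cfg) or [("ok", "no findings")]:
            print(f"  [{fid}] {desc}")
```

Against the sample configuration the audit reports Telnet enabled, SCP disabled, an SNMP community string in use and no NTP server; the hardened configuration produces no findings. Because the checks are plain regular expressions over the archived text, the same function can run over every snapshot in the configuration archive described earlier.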
Password Management
Passwords control access to resources or devices. This is accomplished through the definition of a password or secret that is used in order to
authenticate requests. When a request is received for access to a resource or device, the request is challenged for verification of the password and
identity, and access can be granted, denied, or limited based on the result. As a security best practice, passwords must be managed with a
TACACS+ or RADIUS authentication server. However, note that a locally configured password for privileged access is still needed in the event