Cisco ASA 5555-X Adaptive Security Appliance Technical Manual

Trivial File Transfer Protocol
Secure Copy Protocol
TACACS+
RADIUS
NetFlow
Network Time Protocol
Syslog
ICMP
SMB
Note: Enabling Telnet is not recommended because it sends traffic in plain text.
Password Management
Passwords control access to resources or devices. This is accomplished through the definition of a
password or secret that is used in order to authenticate requests. When a request is received for
access to a resource or device, the request is challenged for verification of the password and
identity, and access can be granted, denied, or limited based on the result. As a security best
practice, passwords must be managed with a TACACS+ or RADIUS authentication server.
However, note that a locally configured password for privileged access is still needed in the event
of failure of the TACACS+ or RADIUS services. A device can also have other password
information present within its configuration, such as an NTP key, SNMP community string, or
Routing Protocol key.
ASA uses Message Digest 5 (MD5) for password hashing. This algorithm has had considerable
public review and is not known to be reversible. However, the algorithm is subject to dictionary
attacks. In a dictionary attack, an attacker tries every word in a dictionary or other list of candidate
passwords in order to find a match. Therefore, configuration files must be securely stored and only
shared with trusted individuals.
Enable HTTP Service
To use ASDM, you need to enable the HTTPS server, and allow HTTPS connections to the ASA.
The security appliance allows a maximum of 5 concurrent ASDM instances per context, if
available, with a maximum of 32 ASDM instances between all contexts. To configure ASDM
access use:
http server enable <port>
Allow only the IP addresses that need access in the ACL. Allowing wide access, as in the following command, is bad practice:
http 0.0.0.0 0.0.0.0 <interface>
Configure ASDM access control:
http <remote_ip_address> <remote_subnet_mask> <interface_name>
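The following Python script is an added example, not part of the Cisco document: it audits a saved configuration for the wide http entry warned about above and for Telnet access lines. The sample configuration, the interface names, port 8443 and the /24 threshold (min_prefix) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample config (not from a real device). Interface names, the
# port and the addresses (documentation/private ranges) are assumptions.
SAMPLE_CONFIG = """\
http server enable 8443
http 0.0.0.0 0.0.0.0 outside
http 10.0.0.0 255.0.0.0 inside
http 192.0.2.10 255.255.255.255 inside
telnet 192.0.2.0 255.255.255.0 inside
"""

# Matches "<http|telnet> <address> <mask> <interface>" management-access lines.
RULE = re.compile(r"^(http|telnet)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")

def audit_mgmt_access(config, min_prefix=24):
    """Return (http_server_enabled, findings); min_prefix is a hypothetical site policy."""
    findings = []
    http_enabled = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("http server enable"):
            http_enabled = True
            continue
        m = RULE.match(line)
        if not m:
            continue
        proto, addr, mask, ifname = m.groups()
        try:
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        except ValueError:  # e.g. a non-contiguous mask
            findings.append((line, "unparseable address or mask"))
            continue
        if proto == "telnet":
            findings.append((line, f"plain-text Telnet allowed on {ifname}"))
        elif net.prefixlen == 0:
            findings.append((line, f"ASDM reachable from any address on {ifname}"))
        elif net.prefixlen < min_prefix:
            findings.append((line, f"ASDM source /{net.prefixlen} wider than /{min_prefix} on {ifname}"))
    return http_enabled, findings

if __name__ == "__main__":
    enabled, results = audit_mgmt_access(SAMPLE_CONFIG)
    print("HTTPS server enabled:", enabled)
    for line, finding in results:
        print(f"{finding}: {line}")
```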
Starting with ASA software release 9.1(2), 8.4(4.1), the ASA supports the following
ephemeral Diffie-Hellman (DHE) SSL cipher suites:
DHE-AES128-SHA1
DHE-AES256-SHA1