Cisco Cisco ASA 5550 Adaptive Security Appliance Manuale Tecnico

This document contains information to help you secure Cisco ASA devices, which increases the overall security of your network. This document
is structured in 4 Sections

    Management Plane Hardening - This applies to all ASA related Management/To the box traffic like SNMP,SSH etc.
    Securing config - Commands through which we can stop populating the passwords etc for the running config etc
    Logging and Monitoring - This applies to any settings related to logging on ASA.
    Through Traffic - This applies to the traffic which goes through the ASA.

   
The coverage of security features in this document often provides enough detail for you to configure the feature. However, in cases where it does
not, the feature is explained in such a way that you can evaluate whether additional attention to the feature is required. Where possible and
appropriate, this document contains recommendations that, if implemented, help secure a network.

There are no specific requirements for this document.

The information in this document is based on these software and hardware versions:

Cisco ASA5500-X 9.4(1) and later.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started
with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

This configuration can also be used with Cisco ASA 5500-X Series Security Appliance Software Version 9.x.

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Secure network operations is a substantial topic. Although most of this document is devoted to the secure configuration of a Cisco ASA device,
configurations alone do not completely secure a network. The operational procedures in use on the network contribute as much to security as the
configuration of the underlying devices.

These topics contain operational recommendations that you are advised to implement. These topics highlight specific critical areas of network
operations and are not comprehensive.

The Cisco Product Security Incident Response Team (PSIRT) creates and maintains publications, commonly referred to as PSIRT Advisories, for
security-related issues in Cisco products. The method used for communication of less severe issues is the Cisco Security Response. Security
advisories and responses are available at PSIRT.

Additional information about these communication vehicles is available in the Cisco Security Vulnerability Policy.

In order to maintain a secure network, you need to be aware of the Cisco security advisories and responses that have been released. You need to
have knowledge of a vulnerability before the threat it can pose to a network can be evaluated. Refer to Risk Triage for Security Vulnerability
Announcements for assistance this evaluation process.

The Authentication, Authorization, and Accounting (AAA) framework is vital to secure network devices. The AAA framework provides
authentication of management sessions and can also limit users to specific, administrator-defined commands and log all commands entered by all
users. See the Authentication, Authorization, and Accounting section of this document for more information about how to leverage AAA.