[c-nsp] Pix hardening
Kim Onnel
karim.adel at gmail.com
Tue Dec 14 09:15:03 EST 2004
> no ICMP services are enabled for the outside interface (meaning that I
> didn't turn any on, not sure if any are on by default that shouldn't)
ASA (adaptive security algorithm) by default will not allow any type
of traffic from the lower security interface to the higher
one(outbound to inbound) unless you explicitly break that and allow
any using the commands 'static + access-list' used to be 'conduit' on
older FOS
so no ICMP or anything else.
> Anything else that should be added or changed?
that much depends on where you placed it, what is it protecting, is
this FOS vulnerable in any kind, is there a fail over, power supply,
redundant power supply, ...
--
~Kim
More information about the cisco-nsp
mailing list