[c-nsp] Pix hardening

Kim Onnel karim.adel at gmail.com
Tue Dec 14 09:15:03 EST 2004


> no ICMP services are enabled for the outside interface (meaning that I
> didn't turn any on, not sure if any are on by default that shouldn't)

ASA (Adaptive Security Algorithm) by default will not allow any type
of traffic from the lower security interface to the higher
one (outbound to inbound) unless you explicitly break that and allow
any using the commands 'static + access-list' (used to be 'conduit' on
older FOS).

So no ICMP or anything else.

> Anything else that should be added or changed?

That much depends on where you placed it, what it is protecting, whether
this FOS is vulnerable in any way, whether there is a failover, power supply,
redundant power supply, ...


-- 
~Kim
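
The 'static + access-list' pairing named in the reply above, next to the older 'conduit' form, as an added PIX 6.x configuration sketch that is not part of the original post. The interface names, the ACL name outside_in, the single published service, and the addresses (documentation and private ranges) are assumptions; lines starting with ':' are annotations.

```cisco
: Security levels: traffic from the lower level (outside, 0) to the
: higher level (inside, 100) is dropped unless explicitly opened.
nameif ethernet0 outside security0
nameif ethernet1 inside security100

: Step 1: a static translation publishes one inside host on an
: outside address. On its own this opens nothing.
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255

: Step 2: an ACL bound inbound on the outside interface permits only
: the service that must be reachable; everything else hits the
: implicit deny at the end of the list.
access-list outside_in permit tcp any host 192.0.2.10 eq www
access-group outside_in in interface outside

: Older FOS equivalent of step 2 (do not mix with the ACL form):
: conduit permit tcp host 192.0.2.10 eq www any

: Hardening review: list every exception to the default deny.
show static
show access-list outside_in
show conduit
```

When reviewing an existing box, any static, access-list permit or conduit entry that cannot be tied to a required service is a candidate for removal.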

