A common attack found on TCP/IP networks is IP spoofing. This is usually used for Denial-of-Service, Identity hiding, or even to bypass firewalls or Access-Lists security rules. The spoofing attack works like that: A malicious attacker sends packets towards a target host. The attacker disguises itself by inserting a fake source IP into the packet. […]

The Cisco ASA firewall offers excellent protection for Denial of Service attacks, such as SYN floods, TCP excessive connection attacks etc. Using the new Policy Framework functionality, the ASA administrator can configure granular controls for TCP Connection limits and timeouts. For example, we can control and limit the maximum number of simultaneous TCP and UDP connections […]

When it comes to authentication services in networking and IT systems in general, the best practice is to have a centralized authentication system which contains the user account credentials in a secure way and controls all authentication and authorization. This is why Active Directory in Microsoft environments is such a useful and powerful authentication scheme. […]

All Cisco ASA firewall models from 5510 and higher (including the newer generation of 5500-X appliances), include an extra dedicated Ethernet interface for management. In this article we will provide a basic example of configuring network settings to the dedicated management interface and also SSH access in order to connect to the appliance through the […]

The following article describes how to configure Access Control Lists (ACL) on Cisco ASA 5500 and 5500-X firewalls. An ACL is the central configuration feature to enforce security rules in your network so it is an important concept to learn. The Cisco ASA 5500 is the successor Cisco firewall model series which followed the successful […]

One of the most useful troubleshooting features of Cisco ASA firewalls is to use the “packet-tracer” command to trace and simulate how a packet will traverse through the ASA appliance in order to identify possible problems (such as why a packet is blocked etc). The packet tracing feature was introduced in Cisco ASA firewall version […]

Device virtualization is one of the most popular topics in IT industry today and Cisco has been supporting this concept in the majority of its network devices. In this article we will talk about Cisco ASA virtualization, which means multiple virtual firewalls on the same physical ASA chassis. Virtual ASA is also known as “Security […]

Although the Cisco ASA appliance does not act as a router in the network, it still has a routing table and it is essential to configure static or dynamic routing in order for the appliance to know where to send packets. When a packet arrives to a network interface on the ASA firewall, the packet […]

On my previous post I talked about Cisco ASA Active/Active configuration. In this post I will describe Active/Standby redundancy which is used much more frequently compared with the active/active scenario. ASA Active/Standby failover/redundancy means connecting two identical ASA firewall units via LAN cable so that when one device or interface fails then the second one […]

It is a good security practice to configure a Warning login banner on your Cisco ASA firewall appliance for unauthorized access attempts. In this article we will describe how to configure such a banner for different ways available for connecting to the appliance such as using the graphical interface (ASDM), session, login etc. The command […]

The Cisco ASA appliance retains clock settings in memory via a battery on the device motherboard. Even if the device is turned off, the clock is retained in memory. Configuring accurate time settings on the appliance is important for logging purposes since syslog messages can contain a time stamp according to the device clock time […]