By Ryan Lindfield
For those of you who have taken the Adaptive Security Appliance (ASA) course with me in the past (8.0 and earlier), this article will serve as a brief introduction to a few of the new features recently released by Cisco that I thought you may be interested in. This may also prove helpful to those of you who have not taken the course but who administer or those who are considering using the Cisco ASA 5500 series firewalls.
SNMP V3
Over the last several years, when the topic of Simple Network Management Protocol (SNMP) was discussed by security engineers or auditors, the best practice was said to be disabling it. While this was not always an option due to the loss of functionality from a management perspective, it often proved to be a necessity from a security standpoint, due to the lack of encryption of management traffic. While routers and switches have supported this functionality for quite some time, it has just recently surfaced on the ASA.
As of version 8.2 of the ASA, SNMP V3 is supported, including support of Data Encryption Standard (DES), 3DES, and Advanced Encryption Standard (AES) for protection of management data. This is great news to those of you who are required to support SNMP, yet are also expected to pass annual security audits. The only question that remains is whether or not your monitoring software supports SNMP V3.
ASA Specialist CertificationEMAIL: training@boson.com
813-925-0700 (opt 2)
877-333-EXAM (opt 2)
FAX: 813-925-3957