Cisco ASA/Cisco Security is an outstanding lineup of security products that are designed for both small and large enterprises. This innovative range of security appliances provides users secure access to data anytime and virtually anywhere even with mobile devices. Additionally, Cisco ASA/Cisco Security is equipped with strong control and application identification features, and IT administrators who've already upgraded their ASA firewalls with the "X" versions can now add ASA CX features to their hardware in their branch offices and data centers and immediately benefit from them. For IT managers who haven't made the switch yet to Cisco ASA/Cisco Security or those who are still considering it should know that these devices now represent more than a million security products deployed globally and feature improved threat mitigation, management, integration and application controls.
Cisco being one of the biggest names in networking already has an established range of security offerings such as the VPN and PIX firewall appliances, but the ASA product also encompasses unified threat management solutions. Cisco UTM provides the perfect combination of effective management, easy deployment and proven security by consolidating key security applications such as antivirus, VPN and intrusion protection into one single efficient and trusted solution. Cisco UTM solutions deliver comprehensive functionality and business network security and can be managed from one central location.
Powered by Cisco Adaptive Security Appliance (ASA) Software, Cisco ASA/Cisco Security appliances are able to deliver stellar performance and firewall capabilities in an array of form factors to include virtual, blades and standalone devices. This operating system also integrates seamlessly with other important security technologies to provide solutions that can meet the evolving and demanding security needs. Cisco ASA/Cisco Security comes with an extensive list of features, but the most notable advantages include:
- Offers integrated unified, IPN and VPN communication capabilities
- Improves overall performance and increases capacity with the help of clustering
- Increases availability for demanding applications
- Provides context awareness through identity based firewall and TrustSec security tags Provides site to site VPN and dynamic routing on a per context basis
Cisco ASA/Cisco Security was faced with a daunting situation when it decided to add enhanced features to its next generation firewall to make it more mature and incorporate features such as application control and identification and others that were required by IT managers. The Modular Policy Framework introduced in 2009 was Cisco's first shot at adding next generation features and hovered above existing security policies. The ASA 5515-X is ships with an additional processing module and is one of the standard offerings in the lineup. Moving up a few notches to the ASA 5512-X through 5555-X, the context firewall is a software module in itself. In the class leading ASA 5585-X, the company offers two hardware variants - the SSP20 and SSP10. Both are capable of delivery up to 10GBS and more.
The Cisco ASA/Cisco Security family of security appliances is designed for businesses that need a UTM solution that covers SSL VPN's as well as firewalling, but also includes optional features such as intrusion prevention, anti-spam and anti-virus capabilities. Configuring Cisco ASA/Cisco Security appliances is relatively easy compared to other security offerings and starts with assigning a security value to each of the of the interfaces according to the potential of risks they may encounter.
For instance, external ports are deemed the most untrustworthy and therefore can be assigned lower values such as Zero and 3. Internal ports that reside on the LAN can be trusted to some level and can be assigned values in the range of 90 - 100. Next step in the Cisco ASA/Cisco Security setup is to install the firewall, which is easily achieved with the help of a quick start wizard that starts off y blocking all uninvited inbound traffic. Default and custom rules also need to be created and is simple process that requires you to choose an interface, adding source and destination networks and the relative services and actions.
The Cisco ASA/Cisco Security set up interface allows you to save multiple rules as security policies, but the catch is that they will only be called according to their position in the list. To give you a visual of the process, the software features a flow diagram that is set right below the list and indicates workability of a specific rule. This interface also known as the Adaptive Security Device Manager or ADSM can be installed locally or remotely and is easy to use and provides comprehensive status reports to include updates on system resources, Syslog messages and traffic throughput. The ADSM also provides easy access to the interScan components through a dedicated interface, where you can set up scanning rules for web browser, mail and FTP traffic.
There are also separate sections for SMTP and POP3 traffic allowing you to create distinct policies for outbound and inbound mail. The InterScan security suite courtesy of Trend Micro has the ability to detect keywords in subject lines of emails and message content, and can also scan, clean and delete infection attachments. Setting up the anti-spam component is simple and is just a matter of choosing from three scanning levels and setting up white and black senders lists. In terms of blocking unauthorized web traffic, you can use the included content filtering abilities or simply URL blocking lists.
You can also define interfaces and set up sensors from a separate interface - the Cisco Intrusion Detection Manager Utility. This application allows you to access the Cisco Secure Desktop remotely by simply running the software. Cisco ASA/Cisco Security supports cryptographic algorithms and other next generation encryption standards, and integrates seamlessly with Cisco Cloud based security applications to enhance web based threat protection. Cisco ASA/Cisco Security comes standard with a wide range of security features and long list of upgrade options, making it a easy to customize and implement in your existing IT infrastructure.
Would love to here from you...