Securing ASA/PIX Security Appliance Usernames and Passwords

Oct 11, 2011 by admin


You should develop a password policy that helps to ensure that attackers cannot obtain access to your security appliance. In this book, the ASA/PIX Security Appliance is the most critical device in the network, and password protection is stressed in many different parts of this book.

Passwords should be at least eight characters and should have upper- and lowercase characters as well as special characters (numerals and +_)(*&^%$#@!). The password should never be a word that can be found in a dictionary. Many password-cracking programs available on the Internet assist hackers in breaking into password-protected devices or parsing and decrypting password files or password hashes. Because an eight-character password is difficult to remember, you might want to match your password to an easy-to-remember phrase. For example, the password Slatfatf42 could be matched to the phrase "so long and thanks for all the fish 42." Many administrators take it a step further and use obscure usernames as well as passwords. Instead of using admin or root, they follow the same guidelines as for passwords: a minimum of eight characters that should have upper- and lowercase characters as well as special characters (numerals and +_)(*&^%$#@!). The downside, of course, is that these names and passwords might be hard to remember. The upside is that it becomes exponentially more difficult for a hacker to break into the security appliance with a brute-force password attack.
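The policy above written as a checker, added here as an example and not taken from the book or from Cisco: it applies the same rules to usernames and passwords and derives the mnemonic password from a phrase. The function names and the small word list are constructed for illustration.

```python
# Symbols the text lists as acceptable special characters.
SYMBOLS = set("+_)(*&^%$#@!")
# Constructed sample word list; a real check would load a full dictionary.
WORDLIST = {"password", "firewall", "security", "administrator", "cisco"}
# Account names the text says to avoid.
DEFAULT_NAMES = {"admin", "root"}


def mnemonic(phrase):
    """First letter of each word, numbers kept whole, first letter capitalised."""
    parts = [w if w.isdigit() else w[0] for w in phrase.split()]
    out = "".join(parts)
    return out[:1].upper() + out[1:]


def violations(value, is_username=False):
    """Return the policy rules from the text that `value` breaks (empty = OK)."""
    found = []
    if len(value) < 8:
        found.append("shorter than 8 characters")
    if not any(c.isupper() for c in value):
        found.append("no uppercase letter")
    if not any(c.islower() for c in value):
        found.append("no lowercase letter")
    if not any(c.isdigit() or c in SYMBOLS for c in value):
        found.append("no numeral or special character")
    # Compare only the letters, lowercased, so a dictionary word with
    # digits or symbols padded onto it is still caught.
    core = "".join(c for c in value if c.isalpha()).lower()
    if core in WORDLIST:
        found.append("dictionary word")
    if is_username and core in DEFAULT_NAMES:
        found.append("default account name")
    return found


if __name__ == "__main__":
    # Constructed candidates: (value, is_username)
    candidates = [
        (mnemonic("so long and thanks for all the fish 42"), False),
        ("Password1!", False),
        ("admin", True),
    ]
    for value, is_user in candidates:
        kind = "username" if is_user else "password"
        print(f"{kind} {value!r}: {violations(value, is_user) or 'OK'}")
```

"Password1!" meets the length and character-class rules yet is still rejected, because the dictionary rule is checked independently of the others.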

NOTE

Unless it's absolutely necessary, you should never allow management access to your security appliance from the outside. This would open the door for one of the oldest attacks on record, a brute-force password attack from the Internet. Not allowing management access from the outside also ensures that if a hacker wants to break into your security appliance, the hacker must first compromise a system on the inside. With defense in depth applied, this is a difficult, if not impossible, task. If you must allow management from the outside, you should use IPSec/VPN as the secure management connection.


