Implementing Core Cisco ASA Security (SASAC)

The ASA associates a security level with each interface. It is a number from 0 to 100 that defines the trustworthiness of the network the interface is connected to; the bigger the number, the more trust you have in the network. For example, the most secure network, such as the inside LAN, should have a security level of 100. The outside interface, connected to an untrusted network such as the Internet, should have a level of 0. The interface connected to the DMZ should have its security level set somewhere between 1 and 99 (usually 50).


Security levels define how traffic initiated from one interface is allowed to return through another interface. By default, an interface with a higher security level can initiate traffic to an interface with a lower level, and stateful inspection determines whether the reply traffic is allowed to make it back through. The following example illustrates the concept:


  • level 100 for the inside network
  • level 50 for the DMZ network
  • level 0 for the outside network

By default, the ASA stops all initial traffic that tries to go from a lower security level to a higher one. This means that, for example, a server on the outside network cannot start a conversation with the server in our DMZ network or with a host on the inside network. The server in the DMZ can initiate traffic to the outside (from high to low, 50 to 0), but it cannot initiate a conversation to the inside (from low to high, 50 trying to go to 100). The host on the inside can initiate traffic to both the DMZ and the Internet server. When the server on the outside replies to the inside host, the ASA dynamically allows that return traffic.
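
The default behaviour described above can be modelled in a few lines of Python. This is an added illustration, not code from the original article or from Cisco; the class and function names, the sample addresses, and the choice to drop traffic between equal levels (a case the article does not cover) are assumptions of the sketch.

```python
from collections import namedtuple

# Interface name -> security level, matching the three levels listed above.
LEVELS = {"inside": 100, "dmz": 50, "outside": 0}

Packet = namedtuple("Packet", "in_if src sport out_if dst dport")


class DefaultPolicy:
    """Default behaviour as the article describes it: no ACLs, no NAT."""

    def __init__(self, levels):
        self.levels = levels
        self.conns = set()  # state table: flows opened by a permitted initiator

    def handle(self, p):
        flow = (p.src, p.sport, p.dst, p.dport)
        reply_of = (p.dst, p.dport, p.src, p.sport)
        if flow in self.conns or reply_of in self.conns:
            return "established"  # belongs to a tracked connection
        # New connection: only higher -> lower is allowed by default.
        # Equal levels are not covered by the article; this sketch drops them.
        if self.levels[p.in_if] > self.levels[p.out_if]:
            self.conns.add(flow)
            return "new"
        return "drop"


def demo():
    fw = DefaultPolicy(LEVELS)
    # Constructed sample packets (private and documentation address ranges).
    packets = [
        Packet("inside", "10.0.0.5", 40000, "outside", "203.0.113.9", 443),  # 100 -> 0
        Packet("outside", "203.0.113.9", 443, "inside", "10.0.0.5", 40000),  # reply
        Packet("outside", "203.0.113.9", 50000, "inside", "10.0.0.5", 22),   # 0 -> 100
        Packet("outside", "203.0.113.9", 50001, "dmz", "172.16.0.10", 80),   # 0 -> 50
        Packet("dmz", "172.16.0.10", 41000, "outside", "203.0.113.9", 53),   # 50 -> 0
        Packet("dmz", "172.16.0.10", 41001, "inside", "10.0.0.5", 445),      # 50 -> 100
        Packet("inside", "10.0.0.5", 40001, "dmz", "172.16.0.10", 80),       # 100 -> 50
    ]
    return [fw.handle(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second packet is accepted only because the first one created a state entry; the same packet arriving with no prior inside-initiated connection is dropped.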

