How to Get The Most Out Of Your Cisco ASA Firewall

Cisco Adaptive Security Appliances (ASA) and their software are among the most robust and powerful security solutions available for medium-to-large sized businesses.  An ASA goes far beyond merely being a firewall -although that functionality is included- and can provide comprehensive security that touches on nearly every aspect of corporate network security.

Anyone looking at investing in a Cisco ASA firewall should be aware going in of how powerful it is, and how much it can potentially do.  So today, we wanted to briefly cover some of the most important functions that are available by a Firepower or Threat Defense subscription license .  For full information on enabling and configuring these features, we recommend following Cisco's own Threat Defense Configuration Guide.

Highlighting The Power Of Cisco Adaptive Security Appliances

1 - Intrusion Prevention System

One of the most critical features of ASA devices is their Intrusion Prevention System.  IPS can actively scan all access and usage, consistently looking for rogue activity which may indicate an intrusion attempt.  Use of the IPS does require a valid and activated "Threat" License.

It includes a number of default policies, organized according to the amount of security they offer vs the amount of connectivity issues or slowdown that may be caused.  However, the Intrusion Policy tab in the software also allows users to define specific rules and activity customized for their needs, making this an excellent tool - although one which could potentially impact legitimate usage if too-strict policies are implemented.

2 - Advanced Malware Protection

Another major feature of interest in Cisco ASA devices is the Advanced Malware Protection, or AMP.  Cisco has one of the most comprehensive and respected vulnerability and virus-analysis labs in the world, and the AMP benefits directly from that lab's efforts.  A cloud-based system compares any questionable file or activity to a vast database of known threats, and instantly takes documented action to stop them if detected.

With the "Malware" license installed, users have access to the Policies/Access Control menu, where they can configure the extent of AMP's usage.  For testing purposes -or sandbox use- it can be set to only query the cloud database without taking action, or operate totally autonomously.  Other File Control options allow you to control the activity of specific apps, like the uploading access of Microsoft Word, to further fine-tune your protection.

3 - Network Traffic Insights

Cisco ASA also gives you substantial tools for overseeing the usage of your network, beyond even the standard tools included with most Cisco networking appliances.  Since an ASA device has access to the entire network, you can get high-level oversights of activity, and see information such as:

• Which users are logging the most activity.
• Which websites or other servers are most-commonly accessed.
• What devices are being used.
• Which access control policies are being activated most often.

Everything is sent to configurable dashboards that give quick overviews.  You also get robust options to shape access control, restrict devices, and make other global\high-level changes to your overall policies.  

4 - URL Filtering

Along the same lines, the access control can also be used to craft -and enforce- usage policies via URL filtering, if you have the "URL" License.  It includes many pre-set categories, such as "Adult Sites" or "Social Media" that many businesses will want to simply ban across the board.  However, customized whitelists are possible, as is the creation of "zones" which allow access from certain areas or users but not others.

Combined, this gives administrators truly advanced control over their network and systems security.

Improve Your Security With Hummingbird

Hummingbird can provide full security checks, including live intrusion testing, to help ensure your systems are truly secure.  Contact us directly to learn more.