Ensure ActiveX filtering is enabled
Details Removes ActiveX controls from the HTTP reply traffic received on the security appliance. Rationale: ActiveX controls are used to...
- Home
- Security Hardening
- CIS Cisco ASA 9.x Firewall L2 V1.0.0
CIS Cisco ASA 9.x Firewall L2 V1.0.0
Ensure ‘BGP authentication’ is enabled
Details BGP is an inter and intra autonomous system routing protocol. An autonomous system is a network or group of...Ensure Botnet protection is enabled for untrusted interfaces
Details Filters Botnet traffic on the untrusted interface Rationale: In a Botnet condition, many computers in the Enterprise network after...Ensure ‘DNS Guard’ is enabled
Details Enables the protection against DNS cache poisoning attacks Rationale: A DNS cache is poisoned when it contains incorrect entries...Ensure ‘EIGRP authentication’ is enabled
Details Enables the authentication of EIGRP neighbor before routing information is received from the neighbor Rationale: Enabling the routing protocol...Ensure ‘HTTP source restriction’ is set to an authorized IP address
Details Determines the client IP addresses that are allowed to connect to the security appliance through HTTP Rationale: One key...Ensure Java applet filtering is enabled
Details Removes Java applets from the HTTP reply traffic crossing the security appliance. Rationale: Java applets enhance users’ Web experience...Ensure ‘noproxyarp’ is enabled for untrusted interfaces
Details Disables the Proxy-ARP function on untrusted interfaces Rationale: The ASA replies to ARP requests performed to IP addresses belonging...Ensure ‘OSPF authentication’ is enabled
Details Enables the authentication of OSPF neighbor before routing information is received from the neighbor Rationale: Enabling the routing protocol...Ensure ‘RIP authentication’ is enabled
Details Enables the authentication of RIPv2 neighbor before routing information is received from the neighbor Rationale: Enabling the routing protocol...