Ensure ‘aaa local authentication max failed attempts’ is set to less than or equal to ‘3’
Details Limits the maximum number of times a local user can enter a wrong password before being locked out Rationale:...
- Home
- Security Hardening
- Tenable Cisco Firepower Best Practices
Tenable Cisco Firepower Best Practices
Ensure ‘console session timeout’ is less than or equal to ‘5’ minutes
Details Sets the idle timeout for a console session before the security appliance terminates it. Rationale: Limiting session timeout prevents...Ensure DNS services are configured correctly – domain-lookup
Details Sets DNS server(s) to be used by the appliance to perform DNS queries Rationale: The security appliance may perform...Ensure DNS services are configured correctly – name-server
Details Sets DNS server(s) to be used by the appliance to perform DNS queries Rationale: The security appliance may perform...Ensure ‘EIGRP authentication’ is enabled
Details Enables the authentication of EIGRP neighbor before routing information is received from the neighbor Rationale: Enabling the routing protocol...Ensure email logging is configured for critical to emergency
Details Enables logs to be sent to an email recipient for critical to emergency logs’ severity s Rationale: In some...Ensure ‘Failover’ is enabled
Details Enables failover between the security appliance and another security appliance in order to achieve high availability Rationale: Enabling failover...Ensure ‘Host Name’ is set
Details Changes the device default hostname Rationale: The device hostname plays an important role in asset inventory and identification as...Ensure ‘HTTP source restriction’ is set to an authorized IP address
Details Determines the client IP addresses that are allowed to connect to the security appliance through HTTP Rationale: One key...Ensure ICMP is restricted for untrusted interfaces
Details Allows ICMP traffic for specific hosts or subnets and denies ICMP traffic for all other sources Rationale: ICMP is...