Adaptive Security Appliances - Essay Example

ASA provides three main security levels including:
Security Level 100 (Trusted network)
This is the highest trust level assigned to a network, mostly the internal network, by the ASA. The assignment is done by default to the trusted network by the ASA given its high network level as compared to the external network and the middle networks. ASA automatically allows the flow of packets from this high level to the lower un-trusted level without the need for an ACL explicitly allowing for the packet flow. (Santos, 2010)
Security Level 0 (Un-trusted network)
The un-trusted network, usually an outside network is allocated the lowest security level, 0, given its low network level besides the fact that it is the least trusted of all the network zones. ASA by default assigns the outside network security level of zero and automatically limits the flow of network packets from this level to the higher levels.
Security Level 1–99 (DMZ network)
This security zone falls between the higher level and the lower level and is automatically assigned an even number between 0 and 100 given that it is somewhat trusted and un-trusted at the same time. (Graham, 2010)


2. Briefly describe the 4 modes of CLI.
User EXEC Mode
User exec is the first level of access in the command line interface used for changing terminal settings, listing system information, and performing basic tasks. It uses AP> or Router > to prompt and log out of the command to exit.
Privileged EXEC Mode
This CLI mode should be password protected to prevent unauthorized use. It is accessed from the user exec mode by issuing the enable command. This model has a privileged command set which includes those at the user exec mode. To exit the mode, disable command is used. (Graham, 2010)
Global configuration Mode
This mode has commands that apply to features that affect the device as a whole. To access the global configuration mode, configure command is entered from the Privileged EXEC mode. Exit or end commands can be used to exit the global configuration mode.
Interface configuration Mode
This configuration mode is used to modify the configuration of the interface. The commands used in this mode usually follow the global configuration command used to define the interface type. To configure the interface using this mode, the terminal is specified from the global configuration mode followed by the specification of the interface through the interface command followed by the interface number and type. (Santos, 2010)
3. As an ASA admin, how would you choose to locally manage your ASA device and why?
Local management of the ASA device calls for the connection of the Serial console cable to the console port of the ASA. Console connection is the only available option for local management of ASA devices through the command line interface for those devices that are physically accessible without the need for encryption.

4. As an ASA admin, how would you remotely manage your device and why?
Remote management of ASA devices involves the transmission of crucial data such as the login details like usernames and passwords over the connecting media. As the ASA admin, I would choose to use an ASA device manager such as ASDM that encrypts the transmission channel ensuring communication security. It has a GUI that represents the data, unlike a command line interface such as telnet. (Graham, 2010)
5. How many copies of the system configuration are available on an ASA? What is the purpose of the different copies? Read More