Do you know a good and comprehensive hardening guideline for ASAs? I am looking for a reliable reference or baseline for my projects, as I see various practices and I don’t always know what is acceptable or not…
For instance, I have an AAA configured ASA, but still I can read the following:
enable password xxxx level 5 encrypted enable password xxxx encrypted passwd xxxx encrypted
I’m pretty sure not all these are necessary and/or secure.
Let me know your thoughts,