Do you know a good and comprehensive hardening guideline for ASAs? I am looking for a reliable reference or baseline for my projects, as I see various practices and I don’t always know what is acceptable or not…
For instance, I have an AAA-configured ASA, but I can still read the following:
Specifically, for the passwords you mentioned, the passwd xxxx encrypted command is for the login password to the ASA. Also, you have two enabled passwords, each providing different access levels, which is fine if you need that. The passwords are encrypted by default, so you shouldn’t be able to read them.