Cisco ASA
   HOME

TheInfoList



Click Here for Items Related To - Cisco ASA
OR:
Cisco ASA on:   [Wikipedia]   [Google]   [Amazon]

In
computer networking A computer network is a set of computers sharing resources located on or provided by network nodes. The computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are ma ...
, Cisco ASA 5500 Series Adaptive Security Appliances, or simply Cisco ASA, is
Cisco Cisco Systems, Inc., commonly known as Cisco, is an American-based multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, ...
's line of
network security Network security consists of the policies, policies, processes and practices adopted to prevent, detect and monitor unauthorized access, Abuse, misuse, modification, or denial of a computer network and network-accessible resources. Network securi ...
devices introduced in May 2005. It succeeded three existing lines of popular Cisco products: *
Cisco PIX Cisco PIX (Private Internet eXchange) was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment. In 2005, Cisco introduced the neweCisco Adaptive Security Appliance(Cisco ...
, which provided
firewall Firewall may refer to: * Firewall (computing), a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts * Firewall (construction), a barrier inside a building, designed to limit the spre ...
and network address translation (NAT) functions, ended its sale on July 28, 2008. * Cisco's IPS 4200 Series worked as
intrusion prevention system An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...
s (IPS). * Cisco VPN 3000 Series Concentrators, which provided
virtual private network A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
ing (VPN). The Cisco ASA is a unified threat management device, combining several network security functions in one box.


Reception and criticism

Cisco ASA has become one of the most widely used firewall/VPN solutions for small to medium businesses. Early reviews indicated the Cisco GUI tools for managing the device were lacking. A security flaw was identified when users customized the Clientless SSL
VPN A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
option of their ASA's but was rectified in 2015. Another flaw in a WebVPN feature was fixed in 2018. In 2017
The Shadow Brokers The Shadow Brokers (TSB) is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools, including several zero-day exploits, from the "Equation Group" who are widely suspected to be a branch of ...
revealed the existence of two privilege escalation exploits against the ASA called EPICBANANA and EXTRABACON. A code insertion implant called BANANAGLEE, was made persistent by JETPLOW.


Features

The 5506W-X has a WiFi point included.


Architecture

The ASA software is based on Linux. It runs a single Executable and Linkable Format program called lina. This schedules processes internally rather than using the Linux facilities. In the boot sequence a boot loader called ROMMON (ROM monitor) starts, loads a Linux kernel, which then loads the lina_monitor, which then loads lina. The ROMMON also has a command line that can be used to load or select other software images and configurations. The names of firmware files includes a version indicator, -smp means it is for a symmetrical multiprocessor (and 64 bit architecture), and different parts also indicate if
3DES In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a Symmetric-key algorithm, symmetric-key block cipher, which applies the Data Encryption Standard, DES cipher algorithm three ti ...
or AES is supported or not. The ASA software has a similar interface to the
Cisco IOS The Internetworking Operating System (IOS) is a family of proprietary network operating systems used on several router and network switch models manufactured by Cisco Systems. The system is a package of routing, switching, internetworking, and ...
software on routers. There is a command line interface (CLI) that can be used to query operate or configure the device. In config mode the configuration statements are entered. The configuration is initially in memory as a running-config but would normally be saved to flash memory.


Options

The 5512-X, 5515-X, 5525-X, 5545-X and 5555-X can have an extra interface card added. The 5585-X has options for SSP. SSP stands for security services processor. These range in processing power by a factor of 10, from SSP-10 SSP-20, SSP-40 and SSP-60. The ASA 5585-X has a slot for an I/O module. This slot can be subdivided into two half width modules. On the low end models, some features are limited, and uncrippling happens with installation of a Security Plus License. This enables more
VLAN A virtual local area network (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2).IEEE 802.1Q-2011, ''1.4 VLAN aims and benefits'' In this context, virtual, refers to a physi ...
s, or
VPN A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. The be ...
peers, and also high availability. Cisco
AnyConnect Cisco Systems' products and services focus upon three market segments—enterprise and service provider, small business and the home. Corporate market "Corporate market" refers to enterprise networking and service providers. ;Enterprise network ...
is an extra licensable feature which operates
IPSec In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in ...
or SSL tunnels to clients on PCs, iPhones or iPads.


Models

The 5505 introduced in 2010 was a desktop unit designed for small enterprises or branch offices. It included features to reduce the need for other equipment, such as an inbuilt switch, and
power over Ethernet Power over Ethernet, or PoE, describes any of several standards or ad hoc systems that pass electric power along with data on twisted-pair Ethernet cabling. This allows a single cable to provide both data connection and electrical power to d ...
ports. The 5585-X is a higher powered unit for
datacenter A data center (American English) or data centre (British English)See spelling differences. is a building, a dedicated space within a building, or a group of buildings used to house computer systems and associated components, such as telecommunic ...
s introduced in 2010. It runs in 32 bit mode on an Intel architecture Atom chip. Cisco determined that most of the low end devices had too little capacity to include the features needed, such as anti-virus, or sandboxing, and so introduced a new line called next generation firewall. These run in 64 bit mode. Models as of 2018.


References


External links


Cisco ASA 5500 Series Adaptive Security Appliances


{{Cisco Systems Server appliance Lua (programming language)-scriptable hardware Cisco products Computer network security