[Ach] bettercrypto.org document
mario.zabrocki at evonik.com
mario.zabrocki at evonik.com
Thu Jan 2 09:11:03 CET 2014
Hello CERT-AT,
at first I'd like to wish a happy new year to everyone at CERT-AT.
Second I'd like to thank you for your efforts.
I read the document "Applied-Crypto-Hardening.pdf" at bettercrypto.org and
found that the provided configuration for CISCO ASA SSH hardening (2.2.2.
page 18) is not correct:
line vty 0 4
transport input ssh
...is only applicable on IOS devices but not on ASA firewalls. On ASA
firewalls SSH access must be explicitly granted per IP or IP range via
"ssh 1.1.1.1 255.255.255.255 <interface-name>" command. Please move the
mentioned line-commands to section "2.2.3. Cisco IOS".
Mit freundlichen Grüßen / Kind regards
Mario Zabrocki
IT & Telecommunication Region Ruhr
BU Site Services
Phone +49 201 173-3535
E-Mail: mario.zabrocki at evonik.com
Evonik Industries AG
Goldschmidtstraße 100
45127 Essen
Germany
www.evonik.com
Aufsichtsrat
Dr. Werner Müller, Vorsitzender
Vorstand
Dr. Klaus Engel, Vorsitzender
Thomas Wessel, Patrik Wohlhauser, Ute Wolf
Sitz der Gesellschaft ist Essen
Registergericht Amtsgericht Essen
Handelsregister B 19474
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140102/36a4e208/attachment.html>
More information about the Ach
mailing list