[Ach] bettercrypto.org document

mario.zabrocki at evonik.com mario.zabrocki at evonik.com
Thu Jan 2 09:11:03 CET 2014

Hello CERT-AT,

at first I'd like to wish a happy new year to everyone at CERT-AT.

Second I'd like to thank you for your efforts.

I read the document "Applied-Crypto-Hardening.pdf" at bettercrypto.org and 
found that the provided configuration for CISCO ASA SSH hardening (2.2.2. 
page 18) is not correct:

line vty 0 4
transport input ssh

...is only applicable on IOS devices but not on ASA firewalls. On ASA 
firewalls SSH access must be explicitly granted per IP or IP range via 
"ssh <interface-name>" command. Please move the 
mentioned line-commands to section "2.2.3. Cisco IOS".

Mit freundlichen Grüßen / Kind regards
Mario Zabrocki
IT & Telecommunication Region Ruhr
BU Site Services
Phone +49 201 173-3535
E-Mail: mario.zabrocki at evonik.com
Evonik Industries AG
Goldschmidtstraße 100
45127 Essen

Dr. Werner Müller, Vorsitzender
Dr. Klaus Engel, Vorsitzender
Thomas Wessel, Patrik Wohlhauser, Ute Wolf

Sitz der Gesellschaft ist Essen
Registergericht Amtsgericht Essen
Handelsregister B 19474
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140102/36a4e208/attachment.html>

More information about the Ach mailing list