Archive for December, 2008

The Cisco ASA 5500 security appliance is not just a plain firewall. With an add-on security module (AIP-SSM), you can transform the ASA 5500 into an IDS/IPS sensor as well. The AIP-SSM (Advanced Inspection and Prevention – Security Services Module) is a full-blown IDS/IPS sensor with the same software and functionality as the external standalone IPS-4200 series appliance.

It is good security practice to configure a warning login banner on your Cisco ASA firewall appliance to warn against unauthorized access attempts. The command format is:

ciscoasa(config)# banner {asdm | exec | login | motd} text

As you can see from the command format, there are four access banner types, as follows:

  • asdm: The Firewall displays a banner after you successfully log in to ASDM.
  • exec: The Firewall displays a banner before displaying the enable prompt.
  • login: The Firewall displays a banner before the password login prompt when accessing the security appliance using Telnet.
  • motd: This is the Message of the Day banner. It is displayed when you first connect.

Configuration Example for Login Banner:


ciscoasa(config)# banner login                ** W A R N I N G **
ciscoasa(config)# banner login Unauthorized access prohibited. All access is
ciscoasa(config)# banner login monitored, and trespassers shall be prosecuted
ciscoasa(config)# banner login to the fullest extent of the law.
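To check a saved configuration for the login banner, the following added example (not from the original post) regroups the repeated `banner` commands by type and reports a missing or empty login banner. The function names and both sample configurations are assumptions constructed for illustration.

```python
import re

BANNER_TYPES = ("asdm", "exec", "login", "motd")

# One banner command per line; an optional "ciscoasa(config)# "-style prompt is
# tolerated so pasted CLI sessions and saved configurations both parse.
BANNER_RE = re.compile(r"^(?:\S+\(config\)#\s)?banner (asdm|exec|login|motd)(?: (.*))?$")

def parse_banners(config_text):
    """Rebuild each banner from its repeated 'banner <type> <text>' lines."""
    banners = {t: [] for t in BANNER_TYPES}
    for line in config_text.splitlines():
        m = BANNER_RE.match(line.rstrip())
        if m:
            banners[m.group(1)].append((m.group(2) or "").strip())
    return banners

def audit_banners(config_text, required=("login",)):
    """Return a list of findings; an empty list means every required banner has text."""
    banners = parse_banners(config_text)
    findings = []
    for kind in required:
        lines = banners[kind]
        if not lines:
            findings.append(f"no 'banner {kind}' lines configured")
        elif not any(lines):
            findings.append(f"'banner {kind}' is configured but has no text")
    return findings

# Constructed sample input: the login banner from the example above plus an
# unrelated line, and a second configuration that has only an MOTD banner.
GOOD_CONFIG = """\
hostname ciscoasa
banner login                ** W A R N I N G **
banner login Unauthorized access prohibited. All access is
banner login monitored, and trespassers shall be prosecuted
banner login to the fullest extent of the law.
"""
MOTD_ONLY_CONFIG = "hostname ciscoasa\nbanner motd Maintenance window Sunday\n"

if __name__ == "__main__":
    print("\n".join(parse_banners(GOOD_CONFIG)["login"]))
    print(audit_banners(GOOD_CONFIG))
    print(audit_banners(MOTD_ONLY_CONFIG))
```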
