Quick Definition: An Adaptive security appliance, or ASA, refers to a piece of cybersecurity hardware that Cisco sells. ASAs can be used for multiple purposes. They can be used to protect your computer from viruses, intrusions, and other threats.
A Quick Overview of Cisco ASA [VIDEO]
Keith Barker explains the basics of an ASA, its most important features and how they work. Learn firewall basics, including stateful inspection, creating dynamic exemptions, keeping user traffic secure, and moving quickly. Also, learn what NATs and PATs do when translating IPs.
How does an ASA secure a network?
The default behavior of an Cisco Adaptive Security Appliance (ASA) is to block all external traffic from entering a network. Rogue actors cannot do any mischief if they don’t get in from outside. Cisco has also designed ASAs with robust and intelligent capabilities that can recognize traffic of all types.
Learn how to become a security expert with SPOTO’s Cybersecurity Training
Start trainingThere are many types and levels of protection in cybersecurity. Different software and hardware solutions offer different protections. Cisco Adaptive Security Appliance (or ASA) is a powerful network security device that combines many capabilities and features into one device.
Let’s take a look at a typical ASA network to see what it does. Imagine a network. Give it an “inside” zone and a “demilitarized zone (DMZ) with several servers that can touch the internet. Then, place an ASA between the network and the Internet – protecting it all.
We all know that the world outside is dangerous. The ASA will automatically deny any traffic from outside, regardless of whether it’s a user, a system or a server. An ASA protects a network so that outside traffic is stopped before it can reach any devices on the network.
To keep your network safe, you must block all internet connections. You can see why this is often not very practical. Most companies have to use the internet. This means that users can access the outside world from their internal networks and receive replies. It also means that valid requests can be sent to web servers via the internet.
Although an ASA may default to blocking packets from the inside or DMZ, it also has a lot of bells and whistles that allow safe, valid interaction with internet.
How do ASAs use stateful inspection?
An ASA saves session data when internal users request the internet. This allows it to recognize and allow that traffic through when it receives a valid response. The mechanism that allows the ASA stateful inspection to do so is called “stateful inspection”.
Imagine Bob, a user in our internal network. Bob would like to connect to the internet. He makes his request.
Traffic from this request is sent out to the internet. It is clear that Bob’s ASA would prevent all traffic from returning to the network. This would be far more useful than not being plugged in at all.
Bob isn’t just sending out requests to the internet without expecting a reply. He will need to receive a response in order for his internet connection be useful. Bob expects a reply from an external server.
Remember that an ASA will deny traffic before it reaches its network. If the firewall doesn’t allow Bob’s reply, there is no Internet. The firewall does something remarkable when Bob’s request leaves network. It looks at Bob’s session in the background and recalls things.
It keeps track of the source IP address, destination IP addresses, Layer 4 information, as well as ports involved. It then puts all that information into a session table, a stateful table. When you get the reply
