Security Management

Several major enhancements assist you in managing the ASA/PIX version 7 operating system, including the following:

• ASDM 5.0

• Modular policy framework

• Online image updates

• Auto-update

• SSH2

• Multiple boot images and configuration files

• Syslog TCP transport

ASDM 5.0

ASDM 5.0 is a new and fully functional GUI that enables you to control all aspects of configuration and monitoring for the ASA/PIX version 7 operating system. ASDM uses HTTPS encrypted sessions to mitigate chances that a hacker would be able to steal usernames, passwords, or configurations off of the network and enables you to configure virtually all of the new ASA/PIX version 7 operating system enhancements.

Modular Policy Framework

This is a new feature of ASA/PIX version 7, enabling you to create groups of services or classify different aspects of the operating system. The modular policy framework allows individual traffic flows between hosts or networks to be defined, and quality of service (QoS), application inspection, and connection limits can then be applied separately to each flow.

Online Image Upgrades

This new feature enables you to use ASDM to upgrade the ASDM and ASA/PIX version 7 images from the PC that is running ASDM. You can navigate to the images and select the location in Flash memory where the images are to be copied.

You can see this feature by clicking the Tools pull-down menu and choosing Upload Image from Local PC.

Auto-Update

This new feature was part of the PIX VMS management suite and was ported to ASDM 5.0 and ASA/PIX version 7. It enables you to schedule automatic updates for your ASA/PIX operating system.

The auto-update feature simplifies the process and scheduling of updates to your ASA/PIX security appliances. It enables you to easily select the images to be updated and to schedule the dates and times that the update will occur.

You can see this feature in ASDM by navigating to the following panel:

Configuration > Features > Properties > Auto Update

SSH2

This is a new feature of ASA/PIX version 7 that enables you to manage your ASA/PIX Security Appliance in CLI mode with a secure encrypted command-line utility. There were many vulnerabilities with SSH1. SSH2 addresses those problems, resulting in a much more secure management environment.

You can see this feature in ASDM by navigating to the following panel:

Configuration > Features > Device Administration > Administration > Secure Shell

Multiple Boot Images

This new feature of ASA/PIX version 7 enables you to select the priority and specify up to four operating system images to boot from Flash memory or a TFTP server.

You can see this feature in ASDM by navigating to the following panel:

Configuration > Features > Device Administration > Administration > bootimage_config

SYSLOG TCP Transport

This new ASA/PIX version 7 feature supports the sending of syslog messages using TCP messages that keep track of connection state and provide a reliable transport mechanism. The ASA/PIX Security Appliance keeps trying to send messages if the TCP syslog server becomes unavailable. This ensures that syslog messages are not lost.

You can see this feature in ASDM by navigating to the following panel:

Configuration > Features > Properties > Logging > Syslog Servers

Then, choose the Add or Edit dialog boxes.