

If outbound communications traffic is not filtered, hostile activity intended to harm other networks or packets from networks destined to unauthorized networks may not be detected and. The Cisco ASA must be configured to filter outbound traffic on all internal interfaces. The management network must still have its own subnet in order to enforce control and access boundaries provided by Layer 3 network nodes such as routers and firewalls.

The Cisco ASA perimeter firewall must be configured to block all outbound management traffic.

Blocking or restricting detected harmful or suspicious.

Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services.

In a port scanning attack, an unauthorized application is used to scan the host devices for available services and open ports for subsequent use in an attack. The Cisco ASA must be configured to implement scanning threat detection.

Findings (MAC III - Administrative Sensitive) Finding ID
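The outbound-filtering and scanning-threat-detection requirements above can be checked offline against a saved running-config. The following is an added example, not part of the original page or of any Cisco tooling: the `audit` function is hypothetical, the sample config is constructed, and it assumes the interface named `outside` is the only external one.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outside
interface GigabitEthernet0/1
 nameif inside
interface GigabitEthernet0/2
 nameif dmz
access-list INSIDE_OUT extended permit tcp 10.1.1.0 255.255.255.0 any eq 443
access-list INSIDE_OUT extended deny ip any any log
access-list DMZ_OUT extended permit ip any any
access-group INSIDE_OUT in interface inside
access-group DMZ_OUT in interface dmz
threat-detection basic-threat
"""

def audit(config, external=("outside",)):
    """Return findings for outbound filtering and scanning threat detection."""
    names = re.findall(r"^ +nameif (\S+)$", config, re.M)
    # Map interface name -> ACL applied to traffic entering that interface.
    bound = {i: a for a, i in
             re.findall(r"^access-group (\S+) in interface (\S+)$", config, re.M)}
    findings = []
    for name in names:
        if name in external:  # assumption: everything else is internal
            continue
        acl = bound.get(name)
        if acl is None:
            findings.append(f"{name}: no inbound ACL, outbound traffic unfiltered")
            continue
        aces = re.findall(rf"^access-list {re.escape(acl)} extended (.+)$",
                          config, re.M)
        if any(re.fullmatch(r"permit ip any any( .*)?", a) for a in aces):
            findings.append(f"{name}: ACL {acl} permits all outbound traffic")
    # '^' anchoring means a negated 'no threat-detection ...' line does not match.
    if not re.search(r"^threat-detection scanning-threat", config, re.M):
        findings.append("global: scanning threat detection not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, `inside` passes because its ACL permits one service and denies the rest, while `dmz` and the missing `threat-detection scanning-threat` line are reported.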
