Cisco ASA Firewall Specs

Dedicated Server Hosting is a huge deal for businesses with hefty system resource requirements. To properly secure sensitive data, you need multiple cybersecurity measures in place, including antivirus (AV) and backup solutions. If your dedicated server stores medical data or other confidential information, you should consider integrating the Cisco ASA firewall to harden your system.

What is a Firewall?

A firewall is a hardware or software application that allows incoming and outgoing network traffic on a system in accordance with defined security rules. A firewall properly configured to negate or mitigate the biggest risks for your server environment will conserve processing power needed to maintain the dedicated server’s CPU performance.

Common Types of Firewalls

There are multiple types of firewalls for stopping cyber attacks.

Traditional, or “stateful inspection,” firewalls block traffic based on state (e.g., “listen”), port number, and protocol. In the past, these were the most common, while other methods were taken to provide better protection.

Unified threat management (UTM) firewalls are beefed up with intrusion prevention and AV scanning capabilities for a fully fledged security package.

Both have their place in modern use cases today. However, web applications with publicly accessible API calls and executable code, like PHP, are vulnerable to advanced malware. This led to the popularity of web application firewalls.

Web Application Firewalls

Web application firewalls (WAFs) operate as reverse proxies and use signature-based detection to block malicious activity. They protect installations at layer 7 (application) of the Open Systems Interconnection (OSI) model against: 

• Code injection
• Zero-day attacks
• Cross-site scripting (XSS)
• Unauthorized access to APIs
• Denial of service (DoS) attacks targeting apps

Host-Based WAFs

Host-based WAFs are installed on the system. The benefits are that they’re easy to implement, and many popular options for Linux systems are free:

• ConfigServer Security & Firewall (CSF)
• ModSecurity
• Fail2ban

The downside is that since host-based WAFs are installed on the system, they share resources with the applications they’re meant to protect. Even if the WAF protects your data during a DoS attack, your app’s performance and users’ experience will likely suffer. They also require some setup to work with your server hosting environment.

Cloud-Based WAFs

Cloud-based WAFs are software-as-a-service (SaaS) platforms, not installed on your web server but deployed in front of it via DNS. Sucuri is great for larger businesses that lack manpower and need instant access to cybersecurity analysts in the event of a cyberattack. It’s also pricier compared to host-based firewalls. Cloudflare also includes some WAF features. Both are often used in conjunction with a host-based WAF to greatly reduce traffic load and improve speed.

The ease of use is somewhat negated if you don’t have visibility into exactly how the WAF is protecting you against vulnerabilities specific to your application(s). You’re also trading some server cyber risks for those of the security platform you’re using. Lastly, it is sometimes possible to bypass a cloud-based platform for a stealthy infection, rendering cloud-based solutions ineffective.

Our solution for businesses wanting to get the most out of their InMotion Dedicated Server Hosting: a Cisco hardware firewall.

What is the Cisco ASA Firewall?

Cisco Adaptive Security Appliance (ASA) 5500-X series firewalls protect protocols such as DNS and SSH from man-in-the-middle (MITM), DDoS, and related cyberattacks at OSI layers 3 and 4 (network traffic and data transfer, respectively). The network-based firewall is a hardware appliance installed and maintained alongside your dedicated server in our data center of your choice for significant advantages:

• Traffic has no choice but to go through the firewall for stateful inspection
• Hardware appliance is unaffected by server operating system (OS) vulnerabilities
• Doesn’t use server resources to fight cyber intrusions
• Perfect for gating unauthorized incoming traffic from private APIs, applications, and other resources in multi-server environments

The SourceFire acquisition resulted in the Cisco ASA 5506 firewall being an all-in-one solution with next-generation firewall (NGFW) features:

• FirePOWER next-generation intrusion prevention system (NGIPS) services
• Advanced WAF rules specific to installed apps and user permissions
• Advanced Malware Protection (AMP) for AV scanning and removal

Add to that a strong system backup solution, and maybe some security HTTP headers (Content Security Policy and HTTP Strict Transport Security), and you’ve achieved a solid defense in depth approach.

Network-based firewall solutions are generally the most expensive due to data center storage requirements and maintenance costs.

Cisco ASA Firewall vs Sucuri WAF

Here’s a short summary that dedicated server administrators can use for comparing the next-generation firewall vs WAF. 

Getting Started with the Cisco ASA Firewall

Want to learn more about getting started with a Bare Metal or cPanel-managed dedicated server packaged with a Cisco ASA 5506 firewall? Here’s all you need to do.

1. Contact our sales team with any further questions or to purchase a Cisco ASA firewall with Dedicated Linux Server Hosting.
2. After purchasing a Cisco firewall subscription, you’ll be emailed your firewall user credentials. Secure the firewall IP address and user details in a password manager (e.g. KeePass) and remove the email.
3. Log into your Cisco ASA firewall.