¨Each interface is assigned a security level from 0 to 100
–Security level 100 usually assigned to interface connected to the inside private network
–Security level 0 usually assigned to outside public interface
¨By default, traffic can flow from a higher security level to a lower security level provided that a NAT (xlate) is built for the source IP address
¨connections from lower security interface to a higher security interface must be explicitly permitted via ACL or conduit