Security Basics mailing list archives

Cisco ASA interface security levels and the state table


From: swim_or_die () hotmail com
Date: Fri, 29 May 2009 11:54:42 -0600

Greetings; our client has several ASA firewalls installed that are configured with the outside interface set to a higher security level (80) than the inside interface (20); their reasoning at the time was that the backbone was to be more trusted than the stub networks, which is curious because there are no resources on the backbone. In any case, it's not an issue right now because there is no NAT taking place, and the rules in all directions are allow IP any. The client is resistant to changing the security levels to those defined by best practices; their logic is that as they begin to add rules for ingress and egress filtering on the interfaces, as long as the access lists are all ended with an explicit deny statement, then they are OK.

Can anyone tell me if there are any issues that will arise with this bass-ackwards configuration pertaining to the relationship between the interface security levels and the connections in the state table? If so, any documentation to that effect would be helpful.
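As an added illustration (not part of the original post or a reply to it): the two interface layouts the question contrasts, written in ASA configuration syntax, with comments on how the security-level default and applied access lists interact. Interface names, ACL names and addresses (RFC 5737 documentation ranges) are placeholders, not the poster's real values.

```cisco
! --- Layout described in the post: outside more trusted than inside ---
! (interface names, addresses and ACL names are placeholders)
interface GigabitEthernet0/0
 nameif outside
 security-level 80
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 20
 ip address 192.0.2.1 255.255.255.0
!
! With no access-group applied, the ASA default is: new connections may be
! initiated from a higher security-level interface toward a lower one and are
! dropped in the other direction. With these levels the backbone (outside)
! can open connections into the stub network (inside) by default, while inside
! hosts cannot initiate outbound until an ACL permits it.
!
! The post's current state: an ACL on each interface that permits ip any any.
access-list outside_in extended permit ip any any
access-group outside_in in interface outside
access-list inside_in extended permit ip any any
access-group inside_in in interface inside
!
! --- Conventional layout: outside least trusted, inside most trusted ---
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.0.2.1 255.255.255.0
!
! Ingress filter on outside: only the published service is reachable,
! everything else hits the explicit deny and is logged.
access-list outside_in extended permit tcp any host 192.0.2.10 eq 443
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
!
! Egress filter on inside: what the stub network is allowed to initiate.
access-list inside_in extended permit tcp 192.0.2.0 255.255.255.0 any eq 443
access-list inside_in extended permit udp 192.0.2.0 255.255.255.0 host 203.0.113.53 eq 53
access-list inside_in extended deny ip any any log
access-group inside_in in interface inside
```

Once an access-group is applied inbound on an interface, that ACL (which ends in an implicit deny whether or not a deny line is written; the explicit `deny ip any any log` mainly buys visibility) decides which new connections that interface may initiate, and the security-level default no longer governs that direction. The levels still decide the default on any interface that has no ACL, which is why the inverted layout matters the moment an ACL is removed or applied to only one side. Return packets of connections already in the state table are passed by stateful inspection without being re-evaluated against the interface ACLs; `show conn` lists those entries and is the quickest way to confirm which side actually initiated a given flow.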
