Pau Lo
 asked on

Cisco Firepower device administration basics

I have a few questions on the Cisco Firepower (FP) range of security/firewall devices that I could do with some guidance on, as it's not an area I have reviewed before for a risk assessment exercise.

  1. How regularly are security patches provided to plug vulnerabilities, and is it possible to extract an 'update history'? There are some security metrics we need to assess in terms of how soon after an update that protected against a critical vulnerability was released, the update was applied. I was hoping there may be a report on updates (similar in some ways to get-hotfix on a Windows-based PC) to see how quickly these are being applied, and then subsequently the manufacturer's release history. Getting some insight into what a regular 12 months looks like in terms of the volume of such updates would be interesting.
  2. Do hardware devices, and any corresponding management software that is used to manage the device, follow any sort of equivalent lifecycle process when it comes to security updates/patches? I am trying to draw parallels to software such as the Windows OS, where there is pre-warning about end-of-support dates, and once that passes, if you haven't upgraded, then no new updates will be provided for newly discovered bugs. Do Cisco firewalls follow a similar cycle, and if so, where can you see the actual key support dates for the various components?
  3. Where Cisco firewalls provide the architecture for your corporate VPN, what specific configurations should be subject to regular backups, and is this typically automated in the exact same way you would for a VM and its data drives, or is it more complex and more ad hoc with firewalls (if so, why)?
  4. Are there any other regular administration and maintenance activities, above and beyond patching and backups, that form part of a firewall admin's day-to-day, week-to-week, month-to-month duties?
  5. From an access management perspective, if a 'bad actor' inside your infrastructure wanted to cause some sort of disruption to the availability of your VPN/employee remote access, what specific components and configurations would they target? And most importantly, what controls can you put in place to minimize the likelihood of them getting access?
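The time-to-patch metric described in question 1 (days between the vendor releasing a fix and the device receiving it, compared against an internal SLA per severity) can be computed from two lists: the vendor release history and the device's installed-update history. The script below is an added example and is not part of the original post, nor does it read any Cisco report; both record sets are constructed sample data with placeholder update names, and the SLA thresholds are an assumption for the example, not a Cisco figure. It also covers the case the question hints at: a release that was never installed, whose exposure is measured up to the reporting date instead.

```python
"""Time-to-patch metric from a vendor release list and a device install history.

Added example: the two record sets below are constructed sample data with
placeholder update names, not output from any Cisco report or API.
"""
from datetime import datetime

# Constructed vendor release history: name, release date, worst severity fixed.
VENDOR_RELEASES = [
    {"name": "hotfix-A", "released": "2022-01-10", "severity": "critical"},
    {"name": "hotfix-B", "released": "2022-03-02", "severity": "high"},
    {"name": "hotfix-C", "released": "2022-05-18", "severity": "critical"},
    {"name": "hotfix-D", "released": "2022-07-06", "severity": "medium"},
]

# Constructed device install history (the shape a get-hotfix style report gives).
# hotfix-C is deliberately absent to exercise the "never installed" path.
DEVICE_INSTALLS = [
    {"name": "hotfix-A", "installed": "2022-01-17"},
    {"name": "hotfix-B", "installed": "2022-04-29"},
    {"name": "hotfix-D", "installed": "2022-07-07"},
]

# Assumed internal SLA in days per severity (an assumption for this example).
SLA_DAYS = {"critical": 14, "high": 30, "medium": 90, "low": 180}


def _parse(day):
    """Parse an ISO date string into a date object."""
    return datetime.strptime(day, "%Y-%m-%d").date()


def patch_latency(releases, installs, as_of):
    """One row per vendor release: days to install (or days exposed so far) and SLA status."""
    installed_on = {i["name"]: _parse(i["installed"]) for i in installs}
    rows = []
    for rel in releases:
        released = _parse(rel["released"])
        installed = installed_on.get(rel["name"])
        if installed is None:
            # Never installed: the exposure window is still open, so measure to the report date.
            days, status = (as_of - released).days, "missing"
        else:
            days, status = (installed - released).days, "installed"
        rows.append({
            "name": rel["name"],
            "severity": rel["severity"],
            "days": days,
            "status": status,
            "within_sla": days <= SLA_DAYS[rel["severity"]],
        })
    return rows


def summary(rows):
    """Aggregate view for a reporting period: volume, gaps, SLA breaches, worst critical exposure."""
    critical_days = [r["days"] for r in rows if r["severity"] == "critical"]
    return {
        "releases": len(rows),
        "missing": sum(1 for r in rows if r["status"] == "missing"),
        "sla_breaches": [r["name"] for r in rows if not r["within_sla"]],
        "max_critical_days": max(critical_days) if critical_days else 0,
    }


def run(as_of="2022-08-22"):
    """Compute rows and summary for the constructed data as of the given report date."""
    rows = patch_latency(VENDOR_RELEASES, DEVICE_INSTALLS, _parse(as_of))
    return rows, summary(rows)


if __name__ == "__main__":
    rows, totals = run()
    for r in rows:
        flag = "OK " if r["within_sla"] else "LATE"
        print(f"{flag} {r['name']:10} {r['severity']:9} {r['status']:10} {r['days']:4} days")
    print(totals)
```

In practice the two input lists are the only site-specific part: the vendor side comes from the manufacturer's published release history and the device side from whatever installed-update report the management platform exports; the metric itself does not change.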


Tags: Security, Vulnerabilities, Networking, Networking Hardware-Other, Cisco


8/22/2022 - Mon
Steve Jennings

Pau Lo

Thanks Steve, much appreciated.