I have a few questions on the Cisco Firepower (FP) range of security/firewall devices that I could do with some guidance on, as it's not an area I have reviewed before for a risk assessment exercise.
- How regularly are security patches provided to plug vulnerabilities, and is it possible to extract an 'update history'? There are some security metrics we need to assess in terms of how soon after an update that protected against a critical vulnerability was released, the update was applied. I was hoping there may be a report on updates (similar in some ways to Get-HotFix on a Windows-based PC) to see how quickly these are being applied, and then subsequently the manufacturer's release history. Getting some insight into what a regular 12 months looks like in terms of the volume of such updates would be interesting.
- Do hardware devices and any corresponding management software that is used to manage the device follow any sort of equivalent lifecycle process when it comes to security updates/patches? I am trying to draw parallels to software such as the Windows OS, where there is pre-warning about end-of-support dates, and once that passes, if you haven't upgraded, no new updates will be provided for newly discovered bugs. Do Cisco firewalls follow a similar cycle, and if so, where can you see the actual key support dates for the various components?
- Where Cisco firewalls provide the architecture for your corporate VPN, what specific configurations should be subject to regular backups, and is this typically automated in the exact same way you would for a VM and its data drives, or is it more complex and more ad hoc with firewalls (if so, why?)?
- Are there any other regular administration and maintenance activities, above and beyond patching and backups, that form part of a firewall admin's day-to-day, week-to-week, and month-to-month duties?
- From an access management perspective, if a 'bad actor' inside your infrastructure wanted to cause some sort of disruption to the availability of your VPN/employee remote access, what specific components and configurations would they target? And, most importantly, what controls can you put in place to minimize the likelihood of them getting access?