If it’s the company CEO, they should purchase a Smartnet contract and keep the 
firmware updated.  That’s about the only way you are going to fix 
vulnerabilities, hope Cisco fixes them, and keep up with the latest firmware.

 

IMHO the only reason to have a Cisco ASA at home is he needs a site-to-site 
VPN to an ASA at the office.  Meaning he has multiple devices at home that need 
to work across the VPN, otherwise he could probably use a software VPN client 
on his computer.  Or maybe non-computer devices like his phone need to work 
across the VPN.

 

Also IMHO if this is the case, he needs a Cisco security trained/certified IT 
person to manage it.  I was OK dealing with IOS but the ASA series I always 
found very difficult to configure and maintain, I pretty much wouldn’t touch 
them.  One of my customers who had ASAs at HQ and every branch office had a big 
IT company under contract to do all their ASA maintenance and even though they 
were supposedly Cisco experts, they would screw up and mess everything up 
trying to do a simple change and end up taking a whole day to get it working 
again.

 

A common approach seems to be to start with ASDM to get a basic working config 
because you’ll never get there from the command line, but then SSH in and do 
the rest of the config manually.  Then be sure to save a copy of the config for 
when you inevitably break everything trying to make a change.

 

If the CEO just needs a fancy router, there are probably better choices than an 
ASA.  Just not a Sonicwall.  Maybe a nice Netgear AX8, which will look like it’s 
about to take off and fly around the living room.  Or maybe a nice Google WiFi, 
he can put one in every room.

 

But you’re probably going to say it’s the VPN thing.  Some people say it’s 
because they need a true firewall, not just a router.  But then I ask them what 
custom firewall rules they defined.  And who monitors the IDS logs and responds 
to the identified threats.  If the answers are none and nobody, then it’s just 
an expensive router.  And BTW, in my experience ASAs are like every other 
router, first troubleshooting step is to power cycle them and see if the VPN 
light comes back on.

 

I have some customers now using firewall appliances at every site that they 
contract out to a big telco which I think is using firewall appliances based on 
pfSense.  I don’t really know enough to have an opinion, but that seems a 
reasonable way to go.  No Cisco maintenance contract to buy just to get 
firmware updates.  Just finding someone to sell you Smartnet is a pain, I used 
to call up a place like CDW.  I swear Cisco doesn’t really want your business 
unless you’re a Fortune 500 company, or government, or a big telco.

 

 

From: AF <af-boun...@af.afmug.com> On Behalf Of Jaime Solorza
Sent: Thursday, November 15, 2018 5:32 PM
To: AnimalFarm Microwave Users Group <af@af.afmug.com>
Subject: Re: [AFMUG] Router vulnerability

 

Friend has one for CEO of his company... can you point me to sure for ideas? 

 

On Thu, Nov 15, 2018, 12:15 PM Josh Luthman <j...@imaginenetworksllc.com> wrote:

Who's using an ASA at home?

 

ASA has a bunch of vulnerabilities - most fixed, some not...




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Thu, Nov 15, 2018 at 11:42 AM, Jaime Solorza <losguyswirel...@gmail.com> wrote:

What is the latest on router vulnerability to hacks on ASA and home versions? 


-- 
AF mailing list
AF@af.afmug.com
http://af.afmug.com/mailman/listinfo/af_af.afmug.com

 
