Thanks On Thu, Nov 15, 2018, 5:59 PM Ken Hohhof <[email protected] wrote:
> If it’s company CEO, they should purchase Smartnet contract and keep the > firmware updated. That’s about the only way you are going to fix > vulnerabilities, hope Cisco fixes them, and keep up with the latest > firmware. > > > > IMHO the only reason to have a Cisco ASA at home is he needs a > site-to-site VPN to an ASA at the office. Meaning he has multiple devices > at home that need to work across the VPN, otherwise he could probably use a > software VPN client on his computer. Or maybe non computer devices like > his phone needs to work across the VPN. > > > > Also IMHO if this is the case, he needs a Cisco security trained/certified > IT person to manage it. I was OK dealing with IOS but the ASA series I > always found very difficult to configure and maintain, I pretty much > wouldn’t touch them. One of my customers who had ASAs at HQ and every > branch office had a big IT company under contract to do all their ASA > maintenance and even though they were supposedly Cisco experts, they would > screw up and mess everything up trying to do a simple change and end up > taking a whole day to get it working again. > > > > A common approach seems to be start with ASDM to get a basic working > config because you’ll never get there from the command line, but then SSH > in and do the rest of the config manually. Then be sure to save a copy of > the config for when you inevitably break everything trying to make a change. > > > > If the CEO just needs a fancy router, there are probably better choices > than an ASA. Just not a Sonicwall. Maybe a nice Netgear AX8, which will > look it’s about to take off and fly around the living room. Or maybe a > nice Google WiFi, he can put one in every room. > > > > But you’re probably going to say it’s the VPN thing. Some people say it’s > because they need a true firewall, not just a router. But then I ask them > what custom firewall rules they defined. And who monitors the IDS logs and > responds to the identified threats. If the answers are none and nobody, > then it’s just an expensive router. And BTW, in my experience ASAs are > like every other router, first troubleshooting step is to power cycle them > and see if the VPN light comes back on. > > > > I have some customers now using firewall appliances at every site that > they contract out to a big telco which I think is using firewall appliances > based on pfSense. I don’t really know enough to have an opinion, but that > seems a reasonable way to go. No Cisco maintenance contract to buy just to > get firmware updates. Just finding someone to sell you Smartnet is a pain, > I used to call up a place like CDW. I swear Cisco doesn’t really want your > business unless you’re a Fortune 500 company, or government, or a big telco. > > > > > > *From:* AF <[email protected]> *On Behalf Of *Jaime Solorza > *Sent:* Thursday, November 15, 2018 5:32 PM > *To:* AnimalFarm Microwave Users Group <[email protected]> > *Subject:* Re: [AFMUG] Router vulnerability > > > > Friend has one for ceo of his company...can you point me to sure for > ideas? > > > > On Thu, Nov 15, 2018, 12:15 PM Josh Luthman <[email protected] > wrote: > > Who's using an ASA at home? > > > > ASA has a bunch of vulnerabilities - most fixed, some not... > > > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > > > On Thu, Nov 15, 2018 at 11:42 AM, Jaime Solorza <[email protected]> > wrote: > > What is the latest on router vulnerability to hacks on ASA and home > versions? > > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com > > -- > AF mailing list > [email protected] > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list [email protected] http://af.afmug.com/mailman/listinfo/af_af.afmug.com
