Cisco ASA Firewall: Cisco is redefining the modern firewall platform
In October 2013, Cisco completed its acquisition of Sourcefire for $2.7 billion. Since then, Cisco has gradually integrated Sourcefire technology. Today, Cisco has at last fully embraced Sourcefire technology in the new Cisco Firepower NGFW, which is in a very real sense the next generation of Cisco edge network security technology.
Cisco Firepower NGFW is a fully integrated platform that combines firewall capabilities, IPS and URL filtering, and integration with endpoint protection. Cisco threat telemetry data is also fed into the Firepower NGFW. Management of threat data and of security workflows has been improved as well.
When Cisco purchased Sourcefire two years ago, it knew this was the journey it would need to make. Many industry experts had been doubtful of Cisco’s ability to combine Sourcefire technology with technology like the classic Cisco ASA firewall, and with this release Cisco states: “We have done it”.
Over the past two years, Cisco has added Firepower features to its ASA product line. Sourcefire Firepower services could be used to replace an existing Cisco IPS service running on the ASA.
With the new Firepower NGFW, existing ASA 5500 appliances can be upgraded to the new software, and some older Firepower appliances can be upgraded as well. Historically, the ASA was essentially a firewall and Firepower was only an IPS; the Firepower NGFW now unites the two worlds.
The core of the Firepower NGFW is a new Linux-based operating system distribution, which Cisco calls FXOS (Firepower eXtensible Operating System). FXOS offers service-chaining capabilities that support security inspection and remediation workflows.
Context is gathered and understood through integration with Cisco Identity Services Engine (ISE). Firepower can consume ISE data about users and policies. Moreover, the integration of ISE and Firepower allows rapid threat containment: a Firepower detection can be extended through ISE to remove the threatening or malicious endpoint from the network.
So in addition to blocking threats at the firewall, you can force an infected client into a quarantine zone until remediation is complete.
In effect this is a convergence of technologies, a logical integration that extends all the way to the management plane.
Cisco fixes vulnerabilities in the ASA firewall
Exploiting these vulnerabilities can disrupt VPN connections and, far worse, allow attackers to enter the corporate network. Cisco has released a patch to address these vulnerabilities, and customers should install it as soon as possible.
Since the start of January 2020, the number of Internet-accessible Cisco ASA devices has increased by 30%, from 1707 to 220,000. About half of these devices are in the United States (47%), followed by the United Kingdom (6%), Germany and Canada (4% each), and Japan and Russia (2% each).
- The first vulnerability (CVE-2020-3187) is of critical severity. It can be exploited even by a low-skilled attacker. By exploiting a flaw in WebVPN, an unauthenticated external attacker can carry out a DoS attack on a Cisco ASA device simply by deleting files from the system. Such actions may disable the VPN service on the Cisco ASA. In addition, the flaw allows attackers to read files related to the VPN web portal.
Blocking a VPN can disrupt many business processes. For instance, it can affect connectivity between branches in a distributed network and disrupt email, ERP, and other critical systems. Another issue is that internal resources may become unreachable for remote workers. This is especially risky at a time when many employees are working remotely because of the COVID-19 outbreak.
- The second Cisco ASA vulnerability is scored 7.5 (CVE-2020-3259). When exploited, it allows attackers to read portions of the device’s dynamic memory and obtain the current session identifiers of users connected to the Cisco VPN. Using the Cisco VPN client, attackers can enter a stolen session ID and penetrate the organization’s internal network. In addition, Cisco ASA memory can hold other sensitive data that can be used in future attacks, such as usernames, email addresses, and credentials. This vulnerability can also be exploited remotely and does not require authentication.
To eliminate these vulnerabilities, users need to upgrade the Cisco ASA to the latest version. To reduce the attack surface further, organizations should also use web application firewalls. For instance, PT Application Firewall detects and blocks exploitation attempts against CVE-2020-3187 out of the box. For this, the system must be configured to block all malicious requests so that protection is applied in real time.
With the latest update, PT Application Firewall also detects and blocks attacks exploiting CVE-2020-3259. For early identification of infrastructure vulnerabilities, the use of automated vulnerability scanners, such as MaxPatrol 8, is recommended.
Any carelessness in addressing these issues, including the large number of high-risk workstations still exposed to BlueKeep (CVE-2019-0708), significantly increases the risk to cybersecurity and network access control systems, including ICS networks, ATM management and maintenance, and more.