Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3130
Views
10
Helpful
5
Replies

Protection from Firmware related Vulnerability / threats for Cisco Routers and Switches

Dipesh Patel
Level 2
Level 2

‎02-23-2020 10:47 PM

Dear All,

 

Can someone help with the protection against firmware related vulnerabilities / threats?

 

As you know the new Vulnerability / threats are identifying every week / Months and can be fixed either by applying workaround or by upgrading Firmware for permanent fix if it is released.

 

To upgrade firmware every time for critical Production Network devices is very difficult considering outage.

 

Is any solution where we can apply such patches on Device like NIPS which is installed at Peripherals and can protect all threats by applying required patches hence Attacker can not reach to actual devices?

 

or any other method to protect the devices without upgrading firmware frequently?

 

Regards

 

Dipesh Patel

5 Replies 5

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-23-2020 10:56 PM

Read the Security Vulnerability very, very carefully.
Not every bulletin affects everyone. Some features are NOT enabled. Workarounds can be implemented.
If nobody reads the bulletin then what is the use?
0 Helpful

Dipesh Patel
Level 2
Level 2
In response to Leo Laohoo

‎02-24-2020 01:00 AM

I agree. All the bulletins / Notifications / PSIRTs are not applicable for all depends on the features each one is using on the devices. But still is there any solution using which we can protect the devices by applying specific protection that device say NIPS instead of all Network device firmware up-gradation if applicable? similar to HIPS where we can apply required protection on HIPS instead of applying required OS security patches on system.

 

Regards

 

Dipesh Patel

 

 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Dipesh Patel

‎02-24-2020 01:50 AM

Again, read the Bulletin.
If there are workarounds, it will be stated. If there are patches, it will be stated.
0 Helpful

Dipesh Patel
Level 2
Level 2
In response to Leo Laohoo

‎02-24-2020 03:06 AM

Ok. Thanks for the suggestion.

 

If Cisco has provided new firmware as a permanent solution than we have to upgraded to mitigate the said vulnerability / threats. 

 

But we want to avoid this up-gradation and apply the required protection at peripheral security device to stop attacker to exploit the vulnerability.

 

Is there any way?

 

Regards

 

Dipesh Patel

 

 

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to Dipesh Patel

‎02-24-2020 07:48 AM

@Dipesh Patel wrote:

Is there any way?

Not wanting to sound like a broken record but, I've already answered the question.  

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents