02-23-2020 10:47 PM
Dear All,
Can someone help with the protection against firmware related vulnerabilities / threats?
As you know the new Vulnerability / threats are identifying every week / Months and can be fixed either by applying workaround or by upgrading Firmware for permanent fix if it is released.
To upgrade firmware every time for critical Production Network devices is very difficult considering outage.
Is any solution where we can apply such patches on Device like NIPS which is installed at Peripherals and can protect all threats by applying required patches hence Attacker can not reach to actual devices?
or any other method to protect the devices without upgrading firmware frequently?
Regards
Dipesh Patel
02-23-2020 10:56 PM
02-24-2020 01:00 AM
I agree. All the bulletins / Notifications / PSIRTs are not applicable for all depends on the features each one is using on the devices. But still is there any solution using which we can protect the devices by applying specific protection that device say NIPS instead of all Network device firmware up-gradation if applicable? similar to HIPS where we can apply required protection on HIPS instead of applying required OS security patches on system.
Regards
Dipesh Patel
02-24-2020 01:50 AM
02-24-2020 03:06 AM
Ok. Thanks for the suggestion.
If Cisco has provided new firmware as a permanent solution than we have to upgraded to mitigate the said vulnerability / threats.
But we want to avoid this up-gradation and apply the required protection at peripheral security device to stop attacker to exploit the vulnerability.
Is there any way?
Regards
Dipesh Patel
02-24-2020 07:48 AM
@Dipesh Patel wrote:
Is there any way?
Not wanting to sound like a broken record but, I've already answered the question.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide