cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1144
Views
0
Helpful
4
Replies

Boundary Protection

warwolf002
Level 1
Level 1

I need to know for a client if the Cisco ASA 5506-X Network Security Firewall with Security Plus License is compliant with this security question:

 

Does the agency ensure that boundary protection devices do not release unauthorized information if a failure occurs (the device should "fails closed" versus "fails open")?

 

Thank you.

4 Replies 4

mvsheik123
Level 7
Level 7

Hi,

AFAIK there is no definitive answer for your client. This this depends on multiple factors like how the device is configured, what traffic permitted, what encryption used, how it is administered (software updates etc) and so on. A failure can be different ways. As you are well aware- if there its power failure - the fail close and all traffic will be blocked. Any network device can protect upto certain extent and it is recommended to implement multi layer protection at perimeter.

hth

MS

Dennis Mink
VIP Alumni
VIP Alumni

What is their definition of "failure" was this elaborated? if not, its impossible to answer the question.

Please remember to rate useful posts, by clicking on the stars below.

Thank you for your response.



Here is the only additional information I could find on this question from
the questionnaire:



5. Ensure the operational failure of the boundary protection mechanisms do
not result in any unauthorized release of information outside of the
information system boundary (i.e. the device shall "fails closed" vs. "fails
open").


Hi,

You can tell client incase of power failure - its fail close. You may hear back from them with more color to the question.

hth

MS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: