07-25-2018 02:30 PM - edited 02-21-2020 08:01 AM
I need to know for a client if the Cisco ASA 5506-X Network Security Firewall with Security Plus License is compliant with this security question:
Does the agency ensure that boundary protection devices do not release unauthorized information if a failure occurs (the device should "fails closed" versus "fails open")?
Thank you.
07-25-2018 06:46 PM
Hi,
AFAIK there is no definitive answer for your client. This depends on multiple factors, like how the device is configured, what traffic is permitted, what encryption is used, how it is administered (software updates etc.) and so on. A failure can happen in different ways. As you are well aware, if there is a power failure, it fails closed and all traffic will be blocked. Any network device can protect up to a certain extent, and it is recommended to implement multi-layer protection at the perimeter.
hth
MS
07-25-2018 10:17 PM
What is their definition of "failure"? Was this elaborated? If not, it's impossible to answer the question.
07-26-2018 10:26 AM
07-26-2018 01:23 PM
Hi,
You can tell the client that in case of power failure, it fails closed. You may hear back from them with more color to the question.
hth
MS