It's upgrade time: Do I pick Cisco ASA (5500) or FirePower Appliances?


By Liam Keegan - May 17, 2018

At 24/7 Networks, we get a lot of questions about Cisco's strategy regarding the legacy Cisco ASA appliances and the new FirePower 2100, 4100 and 9300-series appliances. Customers have been asking, "I have to upgrade - which one do I choose?" Not sure which is the best for your organization? Let me provide you some pros and cons of both options.
But first, a bit of history. 
In the beginning, there was the ubiquitous Cisco ASA (Adaptive Security Appliance). This was the de-facto standard for Layer 3 and 4 firewalls. VPN remote access, it was all done on this platform. However, security changed - instead of ports and protocols, firewalls needed to look at applications and behavior. Other vendors released their Next Generation Firewalls (NGFW), and Cisco had to catch up.
So, what does Cisco do? July of 2013, Cisco spent $2.3 billion for SourceFire, a preeminent manufacturer of Next Generation Firewalls. Since then, Cisco has spent millions integrating the SourceFire purchase with their existing ASA firewalls. The SourceFire firewall is commonly referred to as FirePower.
For the last few years, if you had a Cisco ASA 5500-X series firewall, you could run a virtualized instance of FirePower right on your ASA as a separate instance. You still had to manage the ASA, then manage the FirePower. Two interfaces were never great, so the security team at Cisco merged the functionality of the ASA with the NGFW capabilities of the FirePower. This new image is called FirePower Threat Defense, or FTD for short.
FTD does NOT have feature parity with the ASA. For the basic functionality, you're fine, but if you do complex remote access VPN policies (like DAP), that feature isn't included with FTD. They're working on it, but it's not a 1:1 replacement - you need to do a bit of due diligence.
On to today....
If you have a Cisco ASA 5500-X appliance, you can either run the legacy ASA image (plus a FirePower virtual NGFW), or now you have the option to convert your 5500-X to FTD. I wouldn't say that customers have been chomping at the bit to make this change, since everyone is familiar with ASA and doing upgrades for the sake of upgrades isn't high on anyone's list.
In the last year, Cisco has released the successor product line to the ASA 5500-X. The next-gen product lines are the Cisco FirePower 2100, 4100 and 9100 appliances. They are MUCH faster, have considerably more interfaces and scalability, and are at a much better price-per-gig price point. 
Here's an old vs. new chart on list price on the ASA and FPR appliances:
  • ASA 5525: $8,995 - 650 Mbps
  • ASA 5545: $17,995 - 1 Gbps
  • ASA 5555: $24,995 - 1.25 Gbps
 
  • FPR 2110: $10,995 - 2 Gbps
  • FPR 2120: $19,995 - 3 Gbps
  • FPR 2130: $29,995 - 4.75 Gbps
  • FPR 2140: $69,995 - 8.5 Gbps
For most mid-market customers, the 2110 is going to be the sweet spot. You get 2x the performance at 1/2 the cost. It's a no-brainer to pick the newer product line.
But read on… There’s a catch!
On the new FirePower appliances, you can run ASA or FTD images. It's very flexible. But, if you run ASA, you can ONLY run ASA - no NGFW capabilities. If you want NGFW - and you do - you must run an FTD image. Because you're switching to FTD, you need to make sure the capacities you need are in the product line.
TL;DR:
  •  The new Cisco 2100/4100/9300 appliances have more capacity/bang for the buck than the old ASA 5500-X appliances.
  •  The Firepower Threat Defense (FTD) software image that's available on the 5500-X and new 2100/4100/9300 appliances doesn't have all the features that the legacy ASA code has.
  •  If you want NGFW capabilities on the new 2100/4100/9300 appliances, you must run an FTD image. You can still run ASA code on the 2100/4100/9300 platform, without the NGFW feature.
If you need an evaluation of your current ASA platform and what it'd take to migrate to FTD, please feel free to contact us!
(Here are the part numbers referenced in the price chart above: ASA5525-K9,ASA5545-K9,ASA5555-K9,FPR2110,FPR2120,FPR2130,FPR2140)
 
 
Read More...

Would this malware have fooled you?

Anyone can be a victim!

By Liam Keegan - March 13, 2018

I was doing a random Google search and came across this web page (URL withheld, because, well because.):
Malware 24/7 networks image
Immediately after this, I get a pop up box:
Malware 24/7 networks image
Well, I immediately went to my sandbox virtual machine (one that gets wiped clean after it gets swine flu) and tried it out:
And just like that: boom, file downloading. Then *boom*, the malware was blocked by our Cisco SourceFire Advanced Malware Protection. #winning!
Malware 24/7 networks image
This attack vector is particularly good. You see a page of gibberish, get a prompt and install a file with an official looking popover, complete with the Google logo.
I really think that this is the insurmountable security problem that we (the collective we) need to work towards solving. In everyone's crazy day, moving from one tab to another, multitasking with 8000 parallel tasks, who would notice that an install button popped up to the front and an installer downloaded to a task bar?
I work in network security, and it took my pea-brain a tick or two to raise the red flag.For people that aren't looking out for this, this is how stuff gets through. In this case, our firewalls blocked it, but if a bad actor was trying to spear-phish someone with custom malware or a very targeted malicious app, it could be game-over. These attacks are everywhere, and it is more important now than ever to be on the lookout for such attacks.
I think one of the non-technical answers to these problems is user education. Information out there is good, but they don't teach users to "spot the bad". Nothing can block 100% of the technical risk, but if we have employees that are always on the lookout for these types of attacks, then the awesome technical products can round out a solid defense.
At 24/7 Networks, one of the things that we do is share these types of attacks internally (via email and Cisco Spark), and provide a quick narrative about how it's out to get us. While that doesn't solve everything, it's a really good way to make sure our user base is educated about what's coming in via email and arriving through the web.
If you take away one thing from this article, it's don't ever click on anything. Ever. And set your PC on fire. That was a joke. Please don't set your PC on fire.
Read More...

Fear of Missing Out... Do you have it in the office?

I think I am missing out at work!

By Crystal Johnston - February 16, 2018

We have all been there, overhearing a coworker talk about a girls night out, or not knowing that there was an office happy hour that you weren’t invited to, but does that actually affect your working environment? It is harder now than ever to disassociate work from personal life, and it makes it even harder when FOMO kicks in at the office. How do we overcome this Fear of Missing Out when it come to our colleagues?
 
1. I am just not getting invited
                It is true, you won’t get invited to every gathering, but when it seems to be a regular occurrence, have you looked into as why? “Everybody has a need for social approval. It’s the basis of our human functioning.” This was stated by Marie Mitchell, co-author of the research and professor of Managements at UGA. When this social approval becomes a basis of acceptance in the work place, employees can start to feel disconnected and unappreciated within their working environment. This effect of being excluded can cause a detrimental effect on employees and their thoughts of workplace acceptance.
                Have you ever considered why you are not invited? Is it intentional that you are not included in employee gatherings or is it your perception that you are not being invited out with the guys for a beer? Maybe you have placed an invisible wall up that makes it difficult to be invited to external gatherings? These questions need to be asked in order to really dive into why exclusions may be affecting you in the work place.
2. I want to go, but I say no because I am so busy
                Have you caught yourself saying “No” before you were even invited? Face it, we live very busy lives and a little spontaneity can be overwhelming. The Bureau of Labor and Statistics shows that people spend around 30 minutes a day socializing and communicating, that’s not a lot of time. Since it is only 30 minutes, that time becomes quite valuable. So, that happy hour after work may be more time than you want to dedicate because you treasure your “disconnection time”.
3. I don’t think I am accepted at work.
                Since humans by nature work off of acceptance, it is hard to be “OK” with the fact that we are not invited to every gathering or outing, but how do we cope? It is completely ok to feel negative about not being included, what is detrimental is holding onto those emotions as fact, verses a short time emotional feeling. Create an element of awareness that these feeling are occurring; these feelings do not have to dictate your future interaction with your coworkers. Just because the invite didn’t come through does not mean that you are not accepted, it just means that the invite didn’t come through. Don’t hold onto those negative emotions.
4. I know that they are intentionally leaving me out!
                Do you really believe that your coworkers are intentionally leaving you out of gatherings? Have you tried asking them, or even inviting yourself? We, as people, are GREAT at assuming situations that are occurring instead of finding true reasoning behind situations. Investigate further as to why you are being excluded. Biggest thing you can do is refrain from obsession over believing it is an intentional act. Easier said than done, but rise above these actions as they will cause a resentment in the workplace.
5. They are just trying to bully me and push me out.
                If this is the case, then why are you still there? Work isn’t always the most prime location to make friends, because you are there to work. If your work is now being interfered by a colleague who is intentionally bullying you, get out. Sometimes it is as simple of moving to a different part of the office, or speaking to a trusted authority of the organization. If you feel that you are intentionally being left out because of a bully, you need to speak up.
6. I just want to be a part of the group!
                You are the only one who will change your situation, so why not take action. Start making your own plans and inviting others to them, don’t wait for the invitation to come your way. Avoid being the victim and become a victor. Initiate the outings and become the host. As colleagues see you are wanting to participate more, they will be more inclined to invite you on future events!
7. I want to be a part of the popular group, they just don’t seem to like me
                The “popular” don’t see themselves as in the “in group”. They too feel disassociated and left out from time to time. Stop comparing yourself to them and take the lead. People drive towards confidence. Give yourself a reason to be in the “in crowd,” if one even exists that is.
 
Biggest thing, don’t let the thought of being left out get you down, you are ultimately the one who can change this feeling. Not everyone is going to be invited, this isn’t on you, this is only a situation. Let yourself take initiative and go above being the invited and become the person doing the inviting. Keep in mind, these are emotions and they will pass as long as you allow to look at them at face value.
 
 
Resources: Weeks, M. UGA Study Shows What Happens When Employees Feel Excluded at Work. 9/22/14 https://news.uga.edu/employee-exclusion-study/
Bureau of Labor and Statistics; Average hours per day spent in selected leisure and sports activities by age https://www.bls.gov/charts/american-time-use/activity-leisure.htm
Segal, Z. Three Ways Acceptance Helps You Work with Difficult Emotions 5/18/2016 https://www.mindful.org/three-ways-acceptance-helps-work-difficult-emotions/
Read More...

Are Business Texts Taboo?

Welcome to the 21st Century

By Crystal Johnston - February 1, 2018

We all do it, send a quick text message to our friends and family, but is text messaging in business taboo? Sending a quick message saying you are running late or confirming receipt of a package, is it frowned upon to do this in our day to day business? 
We are in a digital world, but does that mean that we must halt our casual forms of communication just because our structure of business must be more formal? This should not be the case, we should feel comfortable enough with our associates and understand that we live in a fast-paced world, which mean a text message may be more convenient than an email or phone call.
Here’s some tips as to how texting can give you an edge within the business world.
 
1. Business are utilizing texting communications, why aren’t you?
Retailers are using text messaging to communicate more with their products and services. The days of cold calling and email blasting are dead. People avoid the unknown call but are way more responsive to a text message. Why not use this opportunity to break down a communication barrier?
 
2. Mobile is only growing, are you growing with it?
Mobile access isn’t slowing down anytime soon, in fact it is growing. With developers rushing to build a 5G network, it is time to join the mobile bandwagon. A text message is sure to get the attention of a potential client! With new mobile integrations, text messages from mobile to tablet and even to desktop, you are more likely to receive a response. 
 
3. Are you understanding how your customers communicate?
With Millennials creating more influence with communication methods, people are adapting to the changes. This doesn’t mean that SnapChat will become the next communication method, but it does mean that adaptation to change is imperative to growth. Understanding how your customers communicate and providing the opportunity to communicate via text as an option will give you a cutting edge.
 
4. Personal verses business, make sure you understand the difference.
Business text message still must remain professional. Continue to proof read your messages. Speak-to-text could kill your intended message. Be professional in a person way. Remember, just because it is a text message, it does not mean that you can interrupt personal time. Avoid texting after 5pm and on weekends, you want to build a relationship not hurt your opportunity.
 
5. Are you trying to sell something? DO NOT do it over text!
As we all know, we are trying to be sold on something daily! Text messages are intimate and trying to sell someone over text message creates the wrong message. Use this opportunity to build a relationship with someone verses trying to make your next sale. Let your client open the dialog for a sale opportunity, let them walk you through the potential sale.
Read More...

Critical Vulnerability

Update your ASAs IMMEDIATELY

By Liam Keegan - January 30, 2018

ASA Vulnerability 

There's a nasty bug out there for ASAs (Adapative Security Appliance) that have Webvpn enabled. If the command "webvpn" is present in your ASA configuration, you're vulnerable. If you're running Anyconnect for VPN, you probably do.

What is affected?

All ASAs running 8.x software or later. Also, FTD appliances that are running 6.2.2 are vulnerable.

What's the risk?

If a malicious XML file is sent to the ASA, the firewall could reload or execute arbitrary commands. There's nothing out in the wild (that anyone knows of), but assume that it's just a matter of time.

How do I fix this?

Simple! Patch early and patch often. For FTD systems, there's a hotfix out.

Where's the Cisco PSIRT link?

Right here:
Cisco ADA
As always, please reach out if you need any assistance getting this resolved.
Read More...