What You Need to Know to Protect Your Network
Yesterday, Cisco revealed a vulnerability in their ASA firewalls (CVE-2016-1287) where a hacker could exploit connections to affected systems. At MJJT and Barracuda, we’ve received questions from our NextGen Firewall customers about this, so we felt we should provide a direct answer and solution to this issue.
The problem lies in how the Cisco ASA products reassemble and package fragmented Internet Key Exchange (IKE) payloads. Fortunately, Barracuda products do not use the payload manipulation found on the ASAs, so none of our customers are directly affected by the vulnerability. Our Enterprise NextGen Firewall uses a different VPN protocol between our devices (TINA + ESP) and also supports IPsec with IKEv1 and IKEv2, which are the most common use cases for interoperability with other vendors’ equipment.
However, customers who run tunnels from our products to the vulnerable ASAs could be affected if the Cisco device gets compromised. To make sure these customers are protected, firewall policies should be tightened by applying NextGen Firewall security controls, which inspect all network traffic using the built-in IPS and scan for viruses and advanced malware.
Prevent ASA vulnerabilities using Barracuda’s NextGen Firewall solutions, which provide advanced security and intelligent connectivity features that are ideal for anyone utilizing a heterogeneous IT environment.
Call us to improve your security posture in response to today’s threat environment.