Performing a Security Assessment on MX95 Appliance

ArcherFX
Conversationalist

Not sure this is the right board, but I have a client that requested my company to perform a security assessment on their MX95 appliance. I was wondering if there is a checklist on what to review for best practice security on Merakis.

Something like...

* Password policy
* Timeout length
* Is SSO configured
* 2FA enabled / enforced
* Review local users

Thanks

alemabrahao
Kind of a big deal

Check some documentation that can help you.

* General MX Best Practices - Cisco Meraki Documentation
* MX Security Appliance FAQ - Cisco Meraki Documentation
* MX Sizing Guide & Principles - Cisco Meraki Documentation

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
DarrenOC
Kind of a big deal

Hi @ArcherFX, are they expecting you to perform a pen-test or vulnerability assessment, or literally just review the configuration against best practices?

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
ArcherFX
Conversationalist

Just review config against best practices.

PhilipDAth
Kind of a big deal

I also tend to make comments about these settings (I usually label this bit of the report an "audit" of the current state).

* Threat Protection settings (is it on or off, and if on what level is it set to). Is there anything bypassing IPS? If so, is that still valid?
* AMP [Advanced Malware Protection] (is it on or off). Are there any exclusions? Are those still valid?
* Content filtering settings (on or off, exclusions, same as above)
* Is the device running the current stable firmware version or better?
* Are the configured destinations for alerts still valid (people come and go)?

I also do a review of anything in the security centre. Is there anything of interest? Have there been any changes to existing trends?

I'll also have a peek at traffic analytics. Is the kind of traffic what I would not expect to be seeing for this kind of company? For example, is there a lot of traffic to an unknown port, or are there 1000 hours spent on social media sites per week, etc.

BlakeRichardson
Kind of a big deal

I would also add FW rules to that list. It's easy to set up rules and then 6 months later they are redundant for whatever reason.

We review our firewall rules bi-annually.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
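
An added example, not part of the original thread or any poster's own tooling: the checklist items raised in the posts above, applied to configuration exported as JSON. The key names follow the Meraki Dashboard API response shapes as assumed here (check them against the current API reference); the sample values, the 30-minute idle threshold, the "Default rule" comment match and the `audit` helper are constructed for illustration.

```python
SAMPLE = {  # constructed sample; keys follow Dashboard API shapes as assumed here
    "loginSecurity": {"enforceStrongPasswords": True, "enforceTwoFactorAuth": False,
                      "enforceIdleTimeout": True, "idleTimeoutMinutes": 120},
    "admins": [{"email": "alice@example.com", "twoFactorAuthEnabled": True},
               {"email": "bob@example.com", "twoFactorAuthEnabled": False}],
    "alerts": {"defaultDestinations": {"emails": ["former.staff@example.com"]}},
    "intrusion": {"mode": "detection", "idsRulesets": "balanced"},
    "malware": {"mode": "enabled", "allowedFiles": [],
                "allowedUrls": [{"url": "files.example.com", "comment": ""}]},
    "l3FirewallRules": {"rules": [
        {"comment": "temp vendor access", "policy": "allow",
         "srcCidr": "Any", "destCidr": "Any", "destPort": "Any"},
        {"comment": "Default rule", "policy": "allow",
         "srcCidr": "Any", "destCidr": "Any", "destPort": "Any"}]},
}
MAX_IDLE_MINUTES = 30  # assumed review threshold, not a Meraki default

def audit(cfg):
    """Return (area, finding) tuples for the audit section of a report."""
    out, ls = [], cfg["loginSecurity"]
    if not ls.get("enforceStrongPasswords"):
        out.append(("password policy", "strong passwords not enforced"))
    if not ls.get("enforceTwoFactorAuth"):
        out.append(("2FA", "two-factor auth not enforced for the organization"))
    if not ls.get("enforceIdleTimeout") or ls.get("idleTimeoutMinutes", 0) > MAX_IDLE_MINUTES:
        out.append(("timeout", "idle timeout off or longer than threshold"))
    known = {a["email"].lower() for a in cfg["admins"]}
    for a in cfg["admins"]:
        if not a.get("twoFactorAuthEnabled"):
            out.append(("admins", f"{a['email']}: 2FA not enabled"))
    for addr in cfg["alerts"]["defaultDestinations"]["emails"]:
        if addr.lower() not in known:  # heuristic: people come and go
            out.append(("alerts", f"{addr}: not a current admin, revalidate"))
    if cfg["intrusion"]["mode"] != "prevention":
        out.append(("threat protection", f"IPS mode is {cfg['intrusion']['mode']}"))
    mal = cfg["malware"]
    if mal["mode"] != "enabled":
        out.append(("AMP", "malware protection is off"))
    for ex in mal["allowedUrls"] + mal["allowedFiles"]:
        out.append(("AMP", f"revalidate exclusion {ex.get('url') or ex.get('sha256')}"))
    for i, r in enumerate(cfg["l3FirewallRules"]["rules"], 1):
        wide = all(r[k].lower() == "any" for k in ("srcCidr", "destCidr", "destPort"))
        if wide and r["policy"] == "allow" and r["comment"] != "Default rule":
            out.append(("firewall", f"rule {i} ({r['comment']}) allows any to any"))
    return out

if __name__ == "__main__":
    for area, finding in audit(SAMPLE):
        print(f"[{area}] {finding}")
```

Content filtering, firmware version and traffic analytics are not covered here and still need a manual look in the dashboard.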