Question Cyber project - used hardware security trusty or no?

[brom2855]

Morning all, how you doing?

Ok, so I'm working on a cybersecurity project for showcasing research skills. Using fictional company and handful of Kali Linux tools like Fierce, boom, laid out how a hacker enters the unprotected system and does whatever his evil plan is.

Already assembled lists of software-based solutions, such as ESET and other AVs. I'm looking at the hardware side, seeing routers w/ VPN built in, firewalls with extras like anti-phishing, and etc.

Initially thought setup the security measures, everyone gets appropriate training, and then arguably that should suffice. Yet, given how quickly IT field keeps developing, updates are needed. This has me stumped: from a security standpoint, is it advisable or no to buy secondhand/used or refurbished firewalls and whatnot? The posts I've seen on Reddit are mixed: some say not worth, others say helps with budget but verify it has warranty and manufacturer's support.

Appreciate your thoughts!

 

[kanewolf]

Morning all, how you doing?

Ok, so I'm working on a cybersecurity project for showcasing research skills. Using fictional company and handful of Kali Linux tools like Fierce, boom, laid out how a hacker enters the unprotected system and does whatever his evil plan is.

Already assembled lists of software-based solutions, such as ESET and other AVs. I'm looking at the hardware side, seeing routers w/ VPN built in, firewalls with extras like anti-phishing, and etc.

Initially thought setup the security measures, everyone gets appropriate training, and then arguably that should suffice. Yet, given how quickly IT field keeps developing, updates are needed. This has me stumped: from a security standpoint, is it advisable or no to buy secondhand/used or refurbished firewalls and whatnot? The posts I've seen on Reddit are mixed: some say not worth, others say helps with budget but verify it has warranty and manufacturer's support.

Appreciate your thoughts!

If you want vendor support, then most used enterprise equipment is off-the-table because the vendors won't provide support or updates without a service contract and they won't provide contracts for used, resold equipment.

 

[COLGeek]

Of course, your budget matters.

Used devices are safe to use. Just ensure they are factory reset and then configured properly.

kanewolf makes a good point. Do you expect vendor support, or not?

 

[hotaru.hino]

I'd say find the equipment that meets the basic needs. While being up to date with cybersecurity is important, how up to date you need to be depends on where you're starting from. If you're just doing stuff from the basics and getting what's essentially the minimum required to secure a network from like 99% of threats, then I'd argue you don't need anything bleeding edge.

 

[brom2855]

I was under the impression vendor support for said used hardware is vital (tech support, firmware updates, etc.). So you're saying confirm w/ vendor about what's supported and boom! you should be good to go.

 

[kanewolf]

I was under the impression vendor support for said used hardware is vital (tech support, firmware updates, etc.). So you're saying confirm w/ vendor about what's supported and boom! you should be good to go.

Be VERY specific when asking about vendor support. Where you buy something, can impact your ability to get support. The age of hardware can impact support. 5 years is typical, after that all bets are off. Vendor support may require purchasing a service contract just to get firmware downloads.

 

[Ralston18]

And I will offer the thought that any given vendor/company etc., may go out of business via outright failure, corruption, bankruptcy (deliberate or otherwise), being bought out by a competitor or other entity and then just no longer in any sort of operational or legal existence.

Making any support warranties moot.

Cynicism conceded.