This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG/UTM and BEAST attacks

Does anyone know if Astaro ASG V8 is susceptible to BEAST (Browser Exploit Against SSL/TLS) style attacks? A recent security scan of our site flagged this vulnerability on port 465 of our box, which I think is used by the mail proxy.

From my limited understanding of BEAST, this vulnerability can only be exploited in very restricted circumstances in HTTPS sessions, so this security scan result is most likely a false positive - but does anyone know of a definitive statement of some sort that I could show to my superiors?

If this really is an issue, has it been addressed in UTM9?

Thanks for any light anyone can shine on this.

Ifor

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 12 years ago

I'm fairly sure that if you are on the latest 8.*** build that this is a false positive; you'd be best served to start a support case with Sophos to get the definitive answer.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 12 years ago

I'm fairly sure that if you are on the latest 8.*** build that this is a false positive; you'd be best served to start a support case with Sophos to get the definitive answer.

CTO, Convergent Information Security Solutions, LLC

https://www.convergesecurity.com

Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data