This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BEAST and CRIME Vulnerabilities

Are there any config settings in the home brew ASG UTM to mitigate reported vulnerabilities to BEAST and CRIME? I am currently using V8, but moving to 9 soon.

Any insight / help will be greatly appreciated. Thanks!

This thread was automatically locked due to age.

Parents

0 goodrick over 12 years ago

Interesting. I don't have that rule disabled. But that SSL Labs test shows my network as vulnerable to it. Is that because I have my web server listed in the IPS Performance Tuning (HTTP)?

Thanks!
Cancel
Vote Up 0 Vote Down

Cancel
0 TheDrew over 12 years ago in reply to goodrick

Are you by chance running this test? https://www.ssllabs.com/ssltest/

Failing that test means that your webserver is offering the less secure mode of TLS as an option to clients during the encryption negotiation. Webservers are reported as immune to these two as this attack only targets clients using a "man in the middle" attack.

As this is not an attack against your server (per se), it's not something IPS would protect against. Only way I can think of to mitigate this is to upgrade your webserver to a version that's patched against these two vulnerabilities.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 TheDrew over 12 years ago in reply to goodrick

Are you by chance running this test? https://www.ssllabs.com/ssltest/

Failing that test means that your webserver is offering the less secure mode of TLS as an option to clients during the encryption negotiation. Webservers are reported as immune to these two as this attack only targets clients using a "man in the middle" attack.

As this is not an attack against your server (per se), it's not something IPS would protect against. Only way I can think of to mitigate this is to upgrade your webserver to a version that's patched against these two vulnerabilities.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data