Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 7219 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DROWN Vulnerability: Blocking SSLv2 with UTM9

scottsisco

Hello,

I would like to write a firewall rule to drop all SSLv2 traffic attempting to travel through our UTM because of the DROWN vulnerability. We have a couple of servers susceptible to the attack and it would be nice to first block the attack at the UTM while we work on patching our servers siting underneath it.

I understand how to write the sources and destinations part of the firewall rule, but I am unsure how to define the services part of the rule for SSLv2 or if this is even possible. Maybe this is something Sophos will take care with a new IPS rule and I do not need to worry, but I'm trying to be proactive.

Any guidance would be greatly appreciated.

Regards,

Scott



This thread was automatically locked due to age.
Parents
  • 0

    Hi, Scott, and welcome to the UTM Community!

    If you are using Webserver Protection, your servers are protected.  If you are using DNATs to forward traffic to your servers, you can't get any help with SSLv2 from the UTM.

    Cheers - Bob

    PS (added 04 MAR 2016) You can see that this is the case because  # grep SSLProtocol /var/chroot-reverseproxy/usr/apache/conf/httpd.conf
    returns SSLProtocol all -SSLv2 -SSLv3

  • 0 in reply to BAlfson

    Webserver Protection is indeed the path I need to go down. Thank you, Bob!

Reply Children
No Data