Weak cipher used with SSL profiles-bluecoat-sgos

Vendor: bluecoat

OS: sgos

Description:
Certain ciphers are now considered weak. Indeni will alert if any SSL profiles are set to use them.

Remediation Steps:
User is advised to reconfigure the SSL cipher used in the affected profile.

1. Log in via SSH to the Bluecoat ProxySG and enter privileged mode.
2. Run the following commands: config t

How does this work?
Indeni logs in over SSH in privileged mode and executes the following command: show ssl ssl-client default.

Why is this important?
Weak protocols could enable man-in-the-middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.

Without Indeni how would you find this?
Log in via SSH to the Bluecoat ProxySG and run the following command: show ssl ssl-client default. Locate the cipher suite and protocol lines and list the vulnerable ciphers and protocols.
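
The manual check above can be scripted against saved CLI output. The following is an added example, not Indeni's parser or rule: the sample output layout, the "Protocol" and "Cipher suite" labels as written here, and the denylist of weak cipher components and protocols are all assumptions made for illustration.

```python
import re

# Assumed denylist for illustration only (not Indeni's rule, not a vendor list).
WEAK_CIPHER_PARTS = {"rc4", "rc2", "des", "3des", "md5", "exp", "export", "null"}
WEAK_PROTOCOLS = {"sslv2", "sslv3"}

# Constructed sample: the real "show ssl ssl-client default" layout may differ.
SAMPLE_OUTPUT = """\
SSL-Client: default
Keyring: <None>
CCL: browser-trusted
Protocol: sslv3 tlsv1 tlsv1.2
Cipher suite: aes256-sha256 rc4-md5 des-cbc3-sha aes128-sha exp-rc4-md5
"""


def field_tokens(text, label):
    """Collect lower-cased tokens from every 'label: a b c' line."""
    pattern = re.compile(r"^\s*" + re.escape(label) + r"\s*:\s*(.*)$", re.IGNORECASE)
    tokens = []
    for line in text.splitlines():
        match = pattern.match(line)
        if match:
            tokens += [t.lower() for t in re.split(r"[\s,]+", match.group(1)) if t]
    return tokens


def audit_ssl_client(text):
    """Return the weak ciphers and protocols found in captured CLI output."""
    ciphers = field_tokens(text, "Cipher suite")
    protocols = field_tokens(text, "Protocol")
    if not ciphers or not protocols:
        # Fail closed: an unparsed profile must not be reported as clean.
        raise ValueError("cipher suite or protocol line not found")
    return {
        "weak_ciphers": [c for c in ciphers
                         if WEAK_CIPHER_PARTS & set(re.split(r"[-_]", c))],
        "weak_protocols": [p for p in protocols if p in WEAK_PROTOCOLS],
    }


if __name__ == "__main__":
    print(audit_ssl_client(SAMPLE_OUTPUT))
```

Cipher names are matched on their hyphen-separated components, so aes128-sha is not flagged by the "des" entry. Output that lacks either line raises an error instead of returning an empty, clean-looking result.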

bluecoat-view-ssl

name: bluecoat-view-ssl
description: Find usage of weak ciphers and vulnerable protocols
type: monitoring
monitoring_interval: 59 minutes
requires:
    vendor: bluecoat
    os.name: sgos
    privileged-mode: 'true'
comments:
    ssl-weak-cipher:
        why: |
            Weak protocols could enable man-in-the-middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
        how: |
            Indeni logs in over SSH in privileged mode and executes the following command: show ssl ssl-client default.
        can-with-snmp: false
        can-with-syslog: false
    ssl-weak-protocol:
        why: |
            Weak protocols could enable man-in-the-middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
        how: |
            Indeni logs in over SSH in privileged mode and executes the following command: show ssl ssl-client default.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: view-ssl.remote.1.bash
    parse:
        type: AWK
        file: view-ssl.parser.1.awk

CrossVendorSslWeakCipherRule

https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/CrossVendorSslWeakCipherRule.scala