Weak cipher used with SSL profiles-bluecoat-sgos
Vendor: bluecoat
OS: sgos
Description:
Certain ciphers are now considered weak. Indeni will alert if any SSL profiles are set to use them.
Remediation Steps:
User is advised to reconfigure the SSL cipher used in the affected profile.
|1. Login via SSH to the Bluecoat ProxySG and enter privileged mode.
|2. Run the following commands: config t
How does this work?
Indeni logs in over SSH in privilegd mode and executes the following command: show ssl ssl-client default.
Why is this important?
Weak protocols could enable for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
Without Indeni how would you find this?
Login via SSH to the Bluecoat ProxySG and run the following commands: show ssl ssl-client default. locate the cipher suite and protocol lines and list the vulnerable ciphers and protocols.
bluecoat-view-ssl
name: bluecoat-view-ssl
description: Find usage of weak ciphers and vulnerable protocols
type: monitoring
monitoring_interval: 59 minutes
requires:
vendor: bluecoat
os.name: sgos
privileged-mode: 'true'
comments:
ssl-weak-cipher:
why: |
Weak protocols could enable for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
how: |
Indeni logs in over SSH in privilegd mode and executes the following command: show ssl ssl-client default.
can-with-snmp: false
can-with-syslog: false
ssl-weak-protocol:
why: |
Weak protocols could enable for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
how: |
Indeni logs in over SSH in privilegd mode and executes the following commands: show ssl ssl-client default.
can-with-snmp: false
can-with-syslog: false
steps:
- run:
type: SSH
file: view-ssl.remote.1.bash
parse:
type: AWK
file: view-ssl.parser.1.awk
CrossVendorSslWeakCipherRule
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/CrossVendorSslWeakCipherRule.scala