Weak cipher used with SSL profiles-f5-False

error
false
best-practices
regulatory-complianc
f5
Weak cipher used with SSL profiles-f5-False
0

#1

Weak cipher used with SSL profiles-f5-False

Vendor: f5

OS: False

Description:
Certain ciphers are now considered weak. indeni will alert if any SSL profiles are set to use them.

Remediation Steps:
Follow the knowledge articles listed in the affected profiles above. Since F5 devices present the attributes in alphabetical order (to the other side), be careful when adding a property.

How does this work?
This alert logs into the F5 and retrieves the cipher strings being used by each profile and scans for weak ciphers.

Why is this important?
Weak ciphers could allow for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.

Without Indeni how would you find this?
Log into the device through SSH. Enter TMSH and issue the command “cd /;list ltm profile client-ssl recursive ciphers renegotiation renegotiate-size” to retrieve a list of all SSL Client profiles and their ciphers. Then for each cipher string, issue the command "tmm --clientciphers ". Example: “tmm --clientciphers ‘!LOW:!SSLv3:!MD5:!RC4:!DHE:!EXPORT:ECDHE+AES-GCM:ECDHE:RSA+AES:RSA+3DES’”

f5-tmsh-list-profile-client-ssl-recursive-ciphers

 #! META
name: f5-tmsh-list-profile-client-ssl-recursive-ciphers
description: Find usage of weak ciphers
type: monitoring
monitoring_interval: 60 minutes
requires:
    vendor: "f5"
    product: "load-balancer"
    linux-based: "true"
    shell: "bash"

#! COMMENTS
ssl-weak-cipher:
    why: |
        Weak ciphers could allow for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
    how: |
        This alert logs into the F5 and retrieves the cipher strings being used by each profile and scans for weak ciphers.
    without-indeni: |
        Log into the device through SSH. Enter TMSH and issue the command "cd /;list ltm profile client-ssl recursive ciphers renegotiation renegotiate-size" to retrieve a list of all SSL Client profiles and their ciphers. Then for each cipher string, issue the command "tmm --clientciphers <cipher string>". Example: "tmm --clientciphers '!LOW:!SSLv3:!MD5:!RC4:!DHE:!EXPORT:ECDHE+AES-GCM:ECDHE:RSA+AES:RSA+3DES'"
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: Unknown
ssl-weak-protocol:
    why: |
        Weak protocols could enable for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
    how: |
        This alert logs into the F5 and retrieves the cipher strings being used by each profile and scans for weak protocols.
    without-indeni: |
        Log into the device through SSH. Enter TMSH and issue the command "cd /;list ltm profile client-ssl recursive ciphers renegotiation renegotiate-size" to retrieve a list of all SSL Client profiles and their ciphers. Then for each cipher string, issue the command "tmm --clientciphers <cipher string>". Example: "tmm --clientciphers '!LOW:!SSLv3:!MD5:!RC4:!DHE:!EXPORT:ECDHE+AES-GCM:ECDHE:RSA+AES:RSA+3DES'"
    can-with-snmp: false
    can-with-syslog: false
    vendor-provided-management: Unknown

#! REMOTE::SSH
tmsh -q -c "cd /;list ltm profile client-ssl recursive ciphers renegotiation renegotiate-size" | awk "/^ltm profile client-ssl/ { print \"ProfileName: /\"\$4 };/^ +renegotiate-size/ { print \"Renegotiation-Size: \"\$2 };/^ +renegotiation/ { print \"Renegotiation: \"\$2 };/^ +ciphers/{ system(\"tmm --clientciphers \"\$2)}"
 
#! PARSER::AWK

#Cipher strings in an F5 can be comprised of a list of ciphers, or internal keywords such as DEFAULT, STRONG, WEAK etc
#Since the meaning of keywords changes between versions it's a bit of a trouble to write a script that matches all versions
#Instead, this script utilized F5's built-in command "tmm --clientciphers", which translates a cipher string to the actual
#ciphers behind the keywords

#Since the command results in a lot of lines if there is many ssl profiles I have chosen to only pick the properties I need at the moment
#This means that we need:
#Profile name - For tagging
#Ciphers - To be used as parameter to the tmm command
#Renegotiation - For Sweet32 
#Renegotiate-size - For Sweet32

#At the moment Renegotiation is the last one at the moment and thus where we write the metrics, but this could change if another property is added.
#Since the F5 presents the attributes in alphabetical order, be careful when adding a property

#Knowledge base articles
#POODLE         - https://support.f5.com/csp/#/article/K15702
#SWEET32        - https://support.f5.com/csp/#/article/K13167034 (or my document)
#DROWN          - https://support.f5.com/csp/#/article/K23196136
#Bar Mitzvah    - https://support.f5.com/csp/#/article/K16864

BEGIN {
    #Let's establish a list of the default SSL profiles in order to exclude them
    #They should never be used anyway and would cause a lot of false alarms
    profileExceptionList["/Common/clientssl-insecure-compatible"]
    profileExceptionList["/Common/clientssl-insecure-compatible"]
    profileExceptionList["/Common/clientssl"]
    profileExceptionList["/Common/clientssl-insecure-compatible"]
    profileExceptionList["/Common/wom-default-clientssl"]
}

/^ProfileName:/ {
    profileName = $2

    #Reset the variables
    SSLv2 = 0
    SSLv3 = 0
    RC4 = 0
    sweet32Ciphers = 0
}

#12:    22  DHE-RSA-DES-CBC3-SHA             168  TLS1    Native  DES       SHA     EDH/RSA
/DES-CBC3/{
    #Ciphers vulnerable to Sweet32 detected
    sweet32Ciphers = 1
}

/SSL3/{
    #Make sure we're in the table by counting number of fields
    if($NF > 2){
        SSLv3 = 1
    }
}

/SSL2/{
    #Make sure we're in the table by counting number of fields
    if($NF > 2){
        SSLv2 = 1
    }
}

/RC4/{
    #Make sure we're in the table by counting number of fields
    if($NF > 2){
        RC4 = 1
    }
}

/^Renegotiation-Size:/{
    renegotiateSize = $2
    
    #Renegotiation-size: indefinite
    if(renegotiateSize == "indefinite"){
        #Renegotiation size has been set to indefinite
        #Setting it to 0 in order to be able to compare integers
        renegotiateSize = 0
    }
}

/Renegotiation:/{

    if(!(profileName in profileExceptionList)){
    
        #Sweet32 uses long lived connections with enabled renegotiations
        #To mititgate Sweet32 renegotiations must be disabled, or either:
        #Rrenegotiation size set to less than 1000
        #The affected ciphers not present
        
        if($2 == "enabled" && renegotiateSize <= 1000 && sweet32Ciphers == 1){
            sweet32Tags["name"] = profileName
            sweet32Tags["type"] = "Client SSL profile"
            sweet32Tags["cipher"] = "DES-CBC3"
            sweet32Tags["vulnerability"] = "SWEET32"
            sweet32Tags["im.dstype.displaytype"] = "state"
            writeDoubleMetric("ssl-weak-cipher", sweet32Tags, "gauge", 3600, 1)
        }
        
        #SSLv3 is consider not only weak, but more or less compromised (ie. Poodle)
        if(SSLv3 == 1){
            sslv3Tags["name"] = profileName
            sslv3Tags["type"] = "Client SSL profile"
            sslv3Tags["protocol"] = "SSLv3"
            sslv3Tags["vulnerability"] = "POODLE"
            sslv3Tags["im.dstype.displaytype"] = "state"
            writeDoubleMetric("ssl-weak-protocol", sslv3Tags, "gauge", 3600, 1)
        }
        
        #SSLv2 is considered compromised (Drown)
        if(SSLv2 == 1){
            sslv2Tags["name"] = profileName
            sslv2Tags["type"] = "Client SSL profile"
            sslv2Tags["protocol"] = "SSLv2"
            sslv2Tags["vulnerability"] = "DROWN"
            sslv2Tags["im.dstype.displaytype"] = "state"
            writeDoubleMetric("ssl-weak-protocol", sslv2Tags, "gauge", 3600, 1)
        }
        
        #RC4 is considered a weak cipher and there has been indications that is has
        #been compromised by certain government agencies
        if(RC4 == 1){
            rc4Tags["name"] = profileName
            rc4Tags["type"] = "Client SSL profile"
            rc4Tags["cipher"] = "RC4"
            rc4Tags["im.dstype.displaytype"] = "state"
            rc4Tags["vulnerability"] = "Bar Mitzvah"
            writeDoubleMetric("ssl-weak-cipher", rc4Tags, "gauge", 3600, 1)
        }
    }
}

f5_ssl_weak_cipher

package com.indeni.server.rules.library.templatebased.f5

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.templates.StateDownTemplateRule
/**
  *
  */
case class f5_ssl_weak_cipher() extends StateDownTemplateRule(
  ruleName = "f5_ssl_weak_cipher",
  ruleFriendlyName = "F5 Devices: Weak cipher used with SSL profiles",
  ruleDescription = "Certain ciphers are now considered weak. indeni will alert if any SSL profiles are set to use them.",
  metricName = "ssl-weak-cipher",
  applicableMetricTag = "name",
  descriptionMetricTag = "cipher",
  alertIfDown = false,
  alertItemsHeader = "Affected Profiles",
  alertDescription = "Certain SSL profiles have a weak cipher and are potentially opening traffic to known vulnerabilities.\n\nThis alert was added per the request of <a target=\"_blank\" href=\"https://se.linkedin.com/in/patrik-jonsson-6527932\">Patrik Jonsson</a>.",
  baseRemediationText = "Follow the knowledge articles listed in the affected profiles above. Since F5 devices present the attributes in alphabetical order (to the other side), be careful when adding a property.",
  itemSpecificDescription = Seq(
    ".*DES-CBC3.*".r -> "The DES-CBC3 cipher is considered weak (vulnerability SWEET32). See https://support.f5.com/csp/#/article/K13167034",
    ".*RC4.*".r -> "The RC4 cipher is considered weak. See https://support.f5.com/csp/#/article/K16864",
    ".*".r -> "")
)()


#2