Weak security protocol used with SSL profiles-bluecoat-sgos

Knowledge
, ,
#1

Weak security protocol used with SSL profiles-bluecoat-sgos

Vendor: bluecoat

OS: sgos

Description:
Certain security protocols are now considered weak. Indeni will alert if any SSL profiles are set to use them.

Remediation Steps:
User is advised to reconfigure the security protocol used in the affected profile.

|1. Login via SSH to the Bluecoat ProxySG and enter privileged mode.
|2. Run the following commands: config t

How does this work?
Indeni logs in over SSH in privilegd mode and executes the following commands: show ssl ssl-client default.

Why is this important?
Weak protocols could enable for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.

Without Indeni how would you find this?
Login via SSH (Privileged mode) to the Bluecoat ProxySG and run the following commands: show ssl ssl-client default. locate the cipher suite and protocol lines and list the vulnerable ciphers and protocols.

bluecoat-view-ssl

name: bluecoat-view-ssl
description: Find usage of weak ciphers and vulnerable protocols
type: monitoring
monitoring_interval: 59 minutes
requires:
    vendor: bluecoat
    os.name: sgos
    privileged-mode: 'true'
comments:
    ssl-weak-cipher:
        why: |
            Weak protocols could enable for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
        how: |
            Indeni logs in over SSH in privilegd mode and executes the following command: show ssl ssl-client default.
        can-with-snmp: false
        can-with-syslog: false
    ssl-weak-protocol:
        why: |
            Weak protocols could enable for man in the middle attacks. Administrators would ideally want to keep track of their cipher string configurations in order to protect their clients against known attack vectors.
        how: |
            Indeni logs in over SSH in privilegd mode and executes the following commands: show ssl ssl-client default.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: view-ssl.remote.1.bash
    parse:
        type: AWK
        file: view-ssl.parser.1.awk

CrossVendorSslWeakProtocolRule

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/CrossVendorSslWeakProtocolRule.scala