Welcome, Guest. Please login or register.
Did you miss your activation email?
Monday 25 November 2024, 01:08:57 pm

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Vulnerabilities
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Vulnerabilities  (Read 14479 times)
fackler
Jr. Member
*
Offline Offline

Posts: 6


« on: Wednesday 20 January 2010, 07:29:40 am »

I have been setting up EFW for evaluation for going into a production area and part of the eval is to run security scans on it.  So I run Nessus on the thing and come back with a disconcerting number of vulnerabilities for what is supposed to be a network securing device.  Here are some of the vulnerabilities:

80   tcp   HTTP Server           Medium   HTTP TRACE / TRACK Methods Allowed

3001   tcp   NTOP Server   Medium   SSL Medium Strength Cipher Suites Supported
                            Medium   SSL Weak Cipher Suites Supported
                            Medium   SSL Certificate Expiry
                            Medium   SSL Version 2 (v2) Protocol Detection

10443   tcp   HTTPS Server   Medium   SSL Weak Cipher Suites Supported
                            Medium   SSL Medium Strength Cipher Suites Supported


Whats the deal guys?  Did you forget to test your product against a vulnerability scanner?  Some of you may be thinking, "Yes, but those ports are only exposed internally."  I may end up having to use that excuse, er mitigating control, but that still presents me with something I have to convince my auditor about, and I don't like the implications towards real security.  I wouldn't be so grouchy if you didn't go and move all the furniture around though, what the heck did you do with ssl.conf? And how do I secure NTOP's little server?


Logged
kcwhited
Jr. Member
*
Offline Offline

Posts: 8


« Reply #1 on: Thursday 28 January 2010, 08:02:18 am »

I have a similar issue,  anyone know where to find ssl.conf would be appreciated 
not sure what you are looking for with NTOP though...
Logged
fackler
Jr. Member
*
Offline Offline

Posts: 6


« Reply #2 on: Thursday 11 February 2010, 07:58:41 am »

NTOP is where the "Traffic Graphs" page in the "Status" section comes from.  If you go to "Services"->"Traffic Monitoring"  then click on "Enable Traffic Monitoring"  you will activate the NTOP web server.  It is hosted at port 3001.  It will give you loads of nifty information about your network traffic.

I think that the only thing you turn off with the "Enable Traffic Monitoring" button is NTOP's web server because the "Status"->"Traffic Graphs" pages seems unaffected by turning off "Traffic Monitoring".  The problem with NTOP's little web server though is that they used a weak cipher suite and the certificate has expired.

So every time I scan the firewall I get those vulnerabilities.  It is uncomfortable to say the least when you are trying to explain to the security auditor why your primary network securing device has vulnerabilities like this.

So I guess the it comes down to: how do I update/change the SSL certificates for EFW's http interface and how do I do the same for NTOP's web server?
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com