EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Tuesday 26 November 2024, 10:54:29 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Visit the Official Endian Reference Manual
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
Vulnerabilities
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Vulnerabilities (Read 14485 times)
fackler
Jr. Member
Offline
Posts: 6
Vulnerabilities
«
on:
Wednesday 20 January 2010, 07:29:40 am »
I have been setting up EFW for evaluation for going into a production area and part of the eval is to run security scans on it. So I run Nessus on the thing and come back with a disconcerting number of vulnerabilities for what is supposed to be a network securing device. Here are some of the vulnerabilities:
80 tcp HTTP Server Medium HTTP TRACE / TRACK Methods Allowed
3001 tcp NTOP Server Medium SSL Medium Strength Cipher Suites Supported
Medium SSL Weak Cipher Suites Supported
Medium SSL Certificate Expiry
Medium SSL Version 2 (v2) Protocol Detection
10443 tcp HTTPS Server Medium SSL Weak Cipher Suites Supported
Medium SSL Medium Strength Cipher Suites Supported
Whats the deal guys? Did you forget to test your product against a vulnerability scanner? Some of you may be thinking, "Yes, but those ports are only exposed internally." I may end up having to use that excuse, er mitigating control, but that still presents me with something I have to convince my auditor about, and I don't like the implications towards real security. I wouldn't be so grouchy if you didn't go and move all the furniture around though, what the heck did you do with ssl.conf? And how do I secure NTOP's little server?
Logged
kcwhited
Jr. Member
Offline
Posts: 8
Re: Vulnerabilities
«
Reply #1 on:
Thursday 28 January 2010, 08:02:18 am »
I have a similar issue, anyone know where to find ssl.conf would be appreciated
not sure what you are looking for with NTOP though...
Logged
fackler
Jr. Member
Offline
Posts: 6
Re: Vulnerabilities
«
Reply #2 on:
Thursday 11 February 2010, 07:58:41 am »
NTOP is where the "Traffic Graphs" page in the "Status" section comes from. If you go to "Services"->"Traffic Monitoring" then click on "Enable Traffic Monitoring" you will activate the NTOP web server. It is hosted at port 3001. It will give you loads of nifty information about your network traffic.
I think that the only thing you turn off with the "Enable Traffic Monitoring" button is NTOP's web server because the "Status"->"Traffic Graphs" pages seems unaffected by turning off "Traffic Monitoring". The problem with NTOP's little web server though is that they used a weak cipher suite and the certificate has expired.
So every time I scan the firewall I get those vulnerabilities. It is uncomfortable to say the least when you are trying to explain to the security auditor why your primary network securing device has vulnerabilities like this.
So I guess the it comes down to: how do I update/change the SSL certificates for EFW's http interface and how do I do the same for NTOP's web server?
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.094 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com