Sonicwall TZ170 and Security vulnerability of enabling HTTPS "Remote Management"

trinle
We have several Sonicwalls in place with a Box to Box VPN setup.  A 3rd party Security company did a port scan and said that port 443 was open to a potential hacker and needed stronger encryption.  I am not sure how to allow for remote management and keep the network secure.  Anyone familiar enough with Sonicwall TZ170 Std OSes?

Here are the results of their port scan:
TCP     443     https     *5*
Synopsis : The remote service supports the use of weak SSL ciphers.
Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
See also : http://www.openssl.org/docs/apps/ciphers.html
*Solution*: Reconfigure the affected application if possible to avoid use of weak ciphers.
*Risk Factor*: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
(26928)

TCP     443     https     *5*
Synopsis : The remote service supports the use of medium strength SSL ciphers.
Description : The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
*Solution*: Reconfigure the affected application if possible to avoid use of medium strength ciphers.
*Risk Factor*: Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
(42873)
There are a 1000 ways to skin the technology cat.
Commented:
You should only allow remote VPN communications to your web interface for management.

Disallow this rule from your WAN interface.  

Author

Commented:
Thanks!
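
To make the two scan findings in the question concrete, here is an added example (not part of the original thread) that sorts cipher suites into the scanner's strength classes from `openssl ciphers -v` style lines. The sample lines are constructed, the function names are hypothetical, and treating anything under 56 bits as "weak" is an assumption; only the 56 to 112 bit "medium" range comes from the report text.

```python
import re

# Constructed sample in `openssl ciphers -v` format; not taken from the scan above.
SAMPLE = """\
NULL-MD5      SSLv3 Kx=RSA      Au=RSA Enc=None     Mac=MD5
EXP-RC4-MD5   SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40)  Mac=MD5 export
DES-CBC-SHA   SSLv3 Kx=RSA      Au=RSA Enc=DES(56)  Mac=SHA1
AES128-SHA    SSLv3 Kx=RSA      Au=RSA Enc=AES(128) Mac=SHA1
AES256-SHA    SSLv3 Kx=RSA      Au=RSA Enc=AES(256) Mac=SHA1
"""

# Matches the "Enc=NAME(BITS)" column; BITS is absent for "Enc=None".
ENC_RE = re.compile(r"\bEnc=([^\s(]+)(?:\((\d+)\))?")


def key_bits(line):
    """Return the nominal key length printed in the Enc= column (0 = no encryption)."""
    m = ENC_RE.search(line)
    if m is None:
        raise ValueError("no Enc= column in: %r" % line)
    if m.group(1).lower() == "none":
        return 0
    if m.group(2) is None:
        raise ValueError("no key length in: %r" % line)
    return int(m.group(2))


def classify(bits):
    """Bucket a key length using the thresholds quoted in the scan report."""
    if bits == 0:
        return "none"      # "no encryption at all"
    if bits < 56:
        return "weak"      # assumption: below the report's medium range
    if bits < 112:
        return "medium"    # report: at least 56 bits and less than 112 bits
    return "strong"


def triage(text):
    """Group cipher suite names by strength class."""
    buckets = {"none": [], "weak": [], "medium": [], "strong": []}
    for line in text.splitlines():
        if line.strip():
            buckets[classify(key_bits(line))].append(line.split()[0])
    return buckets


def flagged(text):
    """Suites that would trigger either finding and should be disabled."""
    b = triage(text)
    return sorted(b["none"] + b["weak"] + b["medium"])
```

Anything returned by `flagged()` is a suite the management interface should stop offering; restricting that interface to the VPN, as suggested above, removes the WAN exposure regardless of which suites remain.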
