Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sonicwall - Port 443 Encryption Algorithm

Posted on 2011-09-09
3
Medium Priority
?
2,296 Views
Last Modified: 2012-05-12
During a recent security audit, I was informed that our Sonicwall device needed to support a stronger encryption algorithm for 443 TCP/HTTPS connections. The auditors reported that 443 was using the RC4-128 Bit cipher. I found an option for SSL VPN (which we are running over 4433) and I changed that to an AES cipher, but I do not see an option to change the cipher for 443 connections to the Sonicwall.
Is it possible to update the cipher setting for port 443 connections?
The only 443 connection we use is for configuration management.
I am running a Sonicwall NSA240, SonicOS Enhanced 5.8.1.0-30o
0
Comment
Question by:prsbyrd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 36513472
Did they say that specifically FOR the sonicwall or devices on your network on the other side of the sonicwall? Also, I believe that increasing the ssl-vpn encryption would cover that nicely. As you said, the only other thing I can think of is the management interface, and why would they care what the encryption level is? You could purchase an SSL certificate and import that to the sonicwall rather than using a self-signed cert.
0
 

Author Comment

by:prsbyrd
ID: 36513666
Thanks. Those were my thoughts as well.
They specifically referenced the outside interface IP on the Sonicwall and the 443 TCP/HTTPS port/service.
I think if anything, we can just remove management/user login from that interface altogether. Both are currently enabled on that interface.
0
 
LVL 33

Expert Comment

by:digitap
ID: 36513760
I know there is a lot of back and forth regarding leaving management enabled on that interface. We change the port for management on that interface not only as a part of security, but also because we have 443 redirection into an internal server.

You lose another way of managing the sonicwall in the event something goes south and you can't establish a VPN in. I'd suggest an out of band connectivity method.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question