Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

PCI scan failed due to Beast exploit on port 443 and 10442

Posted on 2013-01-04
5
Medium Priority
?
2,297 Views
Last Modified: 2013-01-09
We had a PCI scan done and they checked the IP of the firewall and comes back with problems with port 443 and 10443 (SSL VPN) and the remidition is:

Affected users should disable all block-based cipher
suites in the server's SSL configuration and only support
RC4 ciphers, which are not vulnerable to fully address
this vulnerability. This vulnerability was addressed in
TLS version 1.1/1.2, however, support for these newer
TLS versions is not widely supported at the time of this
writing, making it difficult to disable earlier versions.
Additionally, affected users can also configure SSL to
prefer RC4 ciphers over block-based ciphers to limit, but
not eliminate, exposure. Affected users that implement
prioritization techniques for mitigation as described
above should appeal this vulnerability and include
details of the SSL configuration.


I have Fortigate 80CM and don't see where I can change that. I have disabled HTTPS mgmt on the interface and disabled SSL VPN so that should take care of this. However if I NMAP on those two ports it still shows as filtered unknown or udp open

PORT      STATE         SERVICE VERSION

10443/tcp filtered      unknown

10443/udp open|filtered unknown

Too many fingerprints match this host to give specific OS details

I also created a firewall rule to block traffic from any to that WAN IP on port 10443 and 443 and still shows as filtered

Or is there a way to change to RC4 encryption so Trustwave's PCI scan doesn't find that vulnerability?
0
Comment
Question by:piotrmikula108
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 12

Expert Comment

by:aindelicato
ID: 38745257
Have you tried filing an exception showing screenshots of the service disabled and FW rule denying traffic to those ports?
0
 
LVL 1

Author Comment

by:piotrmikula108
ID: 38745273
I will do that after running a new scan, should be done soon
0
 
LVL 12

Expert Comment

by:aindelicato
ID: 38745291
I've come to learn that I can't make EVERY vulnerability disappear from scan reports.  So if I've exhausted all my resources, I file an exception with supporting documentation.
0
 
LVL 1

Accepted Solution

by:
piotrmikula108 earned 0 total points
ID: 38745385
new scan PASSSed, looks like what I did prevents the exploits
0
 
LVL 1

Author Closing Comment

by:piotrmikula108
ID: 38758264
new scan PASSSed, looks like what I did prevents the exploits
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question