Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 345
  • Last Modified:

Disbale SSL v3 -for all browser -Domain level

Its Regarding: CVE-2014-3566 (POODLE) (2092133)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092133

Need to understand any impact on VM Environment like 3.5,4.1,5.x?
> How can we disable this for multiple VMs/machine in domain[not in domain] running with browser having ssl v3?

Please advise best practice to get this resolved on Windows and VMware and in linux as well ?

Thanks.
0
patron
Asked:
patron
  • 3
  • 3
3 Solutions
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Need to understand any impact on VM Environment like 3.5,4.1,5.x?

NONE, it's an attack against the Web Browser. As a Web browser is a client function, it's your computers which have and use a Web Browser which are at risk!

So your Windows 7 and Windows 8 Desktops.

Therefore - Disable SSLv3 in the Web Browser.

If you have a Domain using Group Policies would be a good method, otherwise manually, scripts, registries.

How do you currently manage your non domain computers, use the same procedure you would use to administer a security patch.
0
 
patronAuthor Commented:
Great,Thanks

how can we deeply this @domain level ?

we have less number of non domain ..but for dmz..is it required ?

and best practice we can follow for systems not in domain?

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
how can we deeply this @domain level ?

Yes, you can create a Group Policy for all your workstations, If you use Group Policy. It's a setting which you disable like any other Windows setting, for Internet Explorer.

we have less number of non domain ..but for dmz..is it required ?

Do you use browsers in the DMZ, just Disable SSL3 on the Browser on the computer. Access the risk in your DMZ!

and best practice we can follow for systems not in domain?

If you feel, you are at risk - Disable SSL3. (in the browser!)

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?

Patches will be relased over time, just Disable SSL3.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
patronAuthor Commented:
so no impact on 3.5 and 4.x ?..is it supported in 3.x and 4.x ?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Correct, it's WEB BROWSER!
0
 
patronAuthor Commented:
Thank you.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now