Solved

Disbale SSL v3 -for all browser -Domain level

Posted on 2014-10-17
6
320 Views
Last Modified: 2014-10-22
Its Regarding: CVE-2014-3566 (POODLE) (2092133)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092133

Need to understand any impact on VM Environment like 3.5,4.1,5.x?
> How can we disable this for multiple VMs/machine in domain[not in domain] running with browser having ssl v3?

Please advise best practice to get this resolved on Windows and VMware and in linux as well ?

Thanks.
0
Comment
Question by:patron
  • 3
  • 3
6 Comments
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386290
Need to understand any impact on VM Environment like 3.5,4.1,5.x?

NONE, it's an attack against the Web Browser. As a Web browser is a client function, it's your computers which have and use a Web Browser which are at risk!

So your Windows 7 and Windows 8 Desktops.

Therefore - Disable SSLv3 in the Web Browser.

If you have a Domain using Group Policies would be a good method, otherwise manually, scripts, registries.

How do you currently manage your non domain computers, use the same procedure you would use to administer a security patch.
0
 
LVL 1

Author Comment

by:patron
ID: 40386331
Great,Thanks

how can we deeply this @domain level ?

we have less number of non domain ..but for dmz..is it required ?

and best practice we can follow for systems not in domain?

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?
0
 
LVL 120

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386371
how can we deeply this @domain level ?

Yes, you can create a Group Policy for all your workstations, If you use Group Policy. It's a setting which you disable like any other Windows setting, for Internet Explorer.

we have less number of non domain ..but for dmz..is it required ?

Do you use browsers in the DMZ, just Disable SSL3 on the Browser on the computer. Access the risk in your DMZ!

and best practice we can follow for systems not in domain?

If you feel, you are at risk - Disable SSL3. (in the browser!)

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?

Patches will be relased over time, just Disable SSL3.
0
Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 1

Author Comment

by:patron
ID: 40386406
so no impact on 3.5 and 4.x ?..is it supported in 3.x and 4.x ?
0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386646
Correct, it's WEB BROWSER!
0
 
LVL 1

Author Closing Comment

by:patron
ID: 40398350
Thank you.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question