Solved

Disbale SSL v3 -for all browser -Domain level

Posted on 2014-10-17
6
327 Views
Last Modified: 2014-10-22
Its Regarding: CVE-2014-3566 (POODLE) (2092133)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092133

Need to understand any impact on VM Environment like 3.5,4.1,5.x?
> How can we disable this for multiple VMs/machine in domain[not in domain] running with browser having ssl v3?

Please advise best practice to get this resolved on Windows and VMware and in linux as well ?

Thanks.
0
Comment
Question by:patron
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 121

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386290
Need to understand any impact on VM Environment like 3.5,4.1,5.x?

NONE, it's an attack against the Web Browser. As a Web browser is a client function, it's your computers which have and use a Web Browser which are at risk!

So your Windows 7 and Windows 8 Desktops.

Therefore - Disable SSLv3 in the Web Browser.

If you have a Domain using Group Policies would be a good method, otherwise manually, scripts, registries.

How do you currently manage your non domain computers, use the same procedure you would use to administer a security patch.
0
 
LVL 1

Author Comment

by:patron
ID: 40386331
Great,Thanks

how can we deeply this @domain level ?

we have less number of non domain ..but for dmz..is it required ?

and best practice we can follow for systems not in domain?

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?
0
 
LVL 121

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386371
how can we deeply this @domain level ?

Yes, you can create a Group Policy for all your workstations, If you use Group Policy. It's a setting which you disable like any other Windows setting, for Internet Explorer.

we have less number of non domain ..but for dmz..is it required ?

Do you use browsers in the DMZ, just Disable SSL3 on the Browser on the computer. Access the risk in your DMZ!

and best practice we can follow for systems not in domain?

If you feel, you are at risk - Disable SSL3. (in the browser!)

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?

Patches will be relased over time, just Disable SSL3.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Author Comment

by:patron
ID: 40386406
so no impact on 3.5 and 4.x ?..is it supported in 3.x and 4.x ?
0
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386646
Correct, it's WEB BROWSER!
0
 
LVL 1

Author Closing Comment

by:patron
ID: 40398350
Thank you.
0

Featured Post

WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question