Disbale SSL v3 -for all browser -Domain level

Its Regarding: CVE-2014-3566 (POODLE) (2092133)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092133

Need to understand any impact on VM Environment like 3.5,4.1,5.x?
> How can we disable this for multiple VMs/machine in domain[not in domain] running with browser having ssl v3?

Please advise best practice to get this resolved on Windows and VMware and in linux as well ?

Thanks.
LVL 1
patronTechnical consultant Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Need to understand any impact on VM Environment like 3.5,4.1,5.x?

NONE, it's an attack against the Web Browser. As a Web browser is a client function, it's your computers which have and use a Web Browser which are at risk!

So your Windows 7 and Windows 8 Desktops.

Therefore - Disable SSLv3 in the Web Browser.

If you have a Domain using Group Policies would be a good method, otherwise manually, scripts, registries.

How do you currently manage your non domain computers, use the same procedure you would use to administer a security patch.
0
patronTechnical consultant Author Commented:
Great,Thanks

how can we deeply this @domain level ?

we have less number of non domain ..but for dmz..is it required ?

and best practice we can follow for systems not in domain?

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
how can we deeply this @domain level ?

Yes, you can create a Group Policy for all your workstations, If you use Group Policy. It's a setting which you disable like any other Windows setting, for Internet Explorer.

we have less number of non domain ..but for dmz..is it required ?

Do you use browsers in the DMZ, just Disable SSL3 on the Browser on the computer. Access the risk in your DMZ!

and best practice we can follow for systems not in domain?

If you feel, you are at risk - Disable SSL3. (in the browser!)

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?

Patches will be relased over time, just Disable SSL3.
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

patronTechnical consultant Author Commented:
so no impact on 3.5 and 4.x ?..is it supported in 3.x and 4.x ?
0
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Correct, it's WEB BROWSER!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
patronTechnical consultant Author Commented:
Thank you.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.