Solved

Disbale SSL v3 -for all browser -Domain level

Posted on 2014-10-17
6
319 Views
Last Modified: 2014-10-22
Its Regarding: CVE-2014-3566 (POODLE) (2092133)

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2092133

Need to understand any impact on VM Environment like 3.5,4.1,5.x?
> How can we disable this for multiple VMs/machine in domain[not in domain] running with browser having ssl v3?

Please advise best practice to get this resolved on Windows and VMware and in linux as well ?

Thanks.
0
Comment
Question by:patron
  • 3
  • 3
6 Comments
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386290
Need to understand any impact on VM Environment like 3.5,4.1,5.x?

NONE, it's an attack against the Web Browser. As a Web browser is a client function, it's your computers which have and use a Web Browser which are at risk!

So your Windows 7 and Windows 8 Desktops.

Therefore - Disable SSLv3 in the Web Browser.

If you have a Domain using Group Policies would be a good method, otherwise manually, scripts, registries.

How do you currently manage your non domain computers, use the same procedure you would use to administer a security patch.
0
 
LVL 1

Author Comment

by:patron
ID: 40386331
Great,Thanks

how can we deeply this @domain level ?

we have less number of non domain ..but for dmz..is it required ?

and best practice we can follow for systems not in domain?

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?
0
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386371
how can we deeply this @domain level ?

Yes, you can create a Group Policy for all your workstations, If you use Group Policy. It's a setting which you disable like any other Windows setting, for Internet Explorer.

we have less number of non domain ..but for dmz..is it required ?

Do you use browsers in the DMZ, just Disable SSL3 on the Browser on the computer. Access the risk in your DMZ!

and best practice we can follow for systems not in domain?

If you feel, you are at risk - Disable SSL3. (in the browser!)

how can we have patch to deploy using our patching mechanism like wsus etc

is there any patch available now from ms and firebox  ? or any other browser vendor ?

Patches will be relased over time, just Disable SSL3.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:patron
ID: 40386406
so no impact on 3.5 and 4.x ?..is it supported in 3.x and 4.x ?
0
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40386646
Correct, it's WEB BROWSER!
0
 
LVL 1

Author Closing Comment

by:patron
ID: 40398350
Thank you.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question