Qualys Vulnerability Scanner - SSL/TLS Ciphers

Posted on 2016-09-26
Last Modified: 2016-10-16
Hi,

Does anyone know if Qualys Vulnerability Scanner is able to detect the ciphers that are active?

I am looking specifically for 192 3Des Ciphers in our environment.  I was told Qualys does not track this.

Thanks.
Question by:Member_2_7967562
LVL 63

Assisted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41817718
They have an equivalent online SSL cipher test to detect the weak and existing active cipher checks @ https://www.ssllabs.com/ssltest/ so it should have the equivalent mechanism in their scanner service - Qualys Vulnerability mgmt. @ https://www.qualys.com/suite/vulnerability-management/features/

However, the scanner is not an asset inventory; though it may list out the cipher due to a vulnerability, it is not for tracking purposes. What you can likely expect from its scanner service is that it discovers the certificate, which will reveal the cipher implemented in the devices that are reachable in your environment. You can possibly see those from the vulnerability report generated, with the service port open etc., but it surely will not meet your idea of tracking and revealing all existing ciphers if that is your requirement.
https://community.qualys.com/docs/DOC-1068

For e.g. SSL3 is revealed, but they will not reveal directly what the actual cipher associated with it is - you have to check the certificate's supported ciphers.

Asset Search Method

The first and perhaps simplest way is to perform an asset search. Simply go to Vulnerability Management > Assets > Asset Search. Consider searching all asset groups. Alternatively, you may want to limit to only assets scanned within 90 days or external hosts. The important thing is to include only assets that have QID 38116 containing the string "SSLv3_PROTOCOL_IS_ENABLED".
https://community.qualys.com/thread/13873

Note that Qualys is a cloud-based solution that detects vulnerabilities on all networked assets, including servers, network devices (e.g. routers, switches, firewalls, etc.), peripherals (such as IP-based printers or fax machines) and workstations. They do have the Private Cloud Platform in case the client is not reachable via the internet or needs it within its intranet scanning. The private cloud platform combines the virtualized Qualys software with a self-contained, internally-redundant cloud appliance. The platform comes pre-configured for your environment, for fast deployment.
Author Comment

by:Member_2_7967562
ID: 41817829
Thanks for your feedback.   I don't fully track.

So are you saying that Qualys does not have the ability to find 3DES 192bit Ciphers?  Can a rule be created to treat that cipher level as a Vulnerability?
LVL 63

Accepted Solution

by:btan
btan earned 500 total points (awarded by participants)
ID: 41818083
Yes. It cannot find those ciphers. They only surface certificates installed on the devices discovered.

If the said cipher is tagged with a CVE or is a known vulnerability, Qualys scan services as a Vulnerability mgmt tool may probably surface it, but it does not have a feature to surface 3DES (192 bit or 128 bits). The SSL Labs test will surface the cipher instead of the Vul mgmt scan tool.

Qualys has SSL Labs APIs that expose the complete SSL/TLS server testing functionality in a programmatic fashion, and they are maintaining ssllabs-scan, an open source command-line scanning tool that doubles as the reference API client. In short, this tool, as the command-line client for the SSL Labs APIs, may be more suited for automated and/or bulk testing for your use case. I do not think the Qualys Vul mgmt scanner has this - they are different.

 https://www.ssllabs.com/projects/ssllabs-apis/

Their API, via the tool, can gather the cipher info, e.g. /getEndpointData?host=www.ssllabs.com&s=173.203.82.166 is used to retrieve detailed endpoint information. It will return a single Endpoint object on success. The object will contain complete assessment information. One of the pieces of information in the "object" is

Suite

id - suite RFC ID (e.g., 5)
name - suite name (e.g., TLS_RSA_WITH_RC4_128_SHA)
cipherStrength - suite strength (e.g., 128)
dhStrength - strength of DH params (e.g., 1024)
dhP - DH params, p component
dhG - DH params, g component
dhYs - DH params, Ys component
ecdhBits - ECDH bits
ecdhStrength - ECDH RSA-equivalent strength
q - 0 if the suite is insecure, null otherwise
https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md#suites

Author Comment

by:Member_2_7967562
ID: 41818120
Thanks!
LVL 63

Expert Comment

by:btan
ID: 41845510
As per advised.