Solved

Qualys Vulnerability Scanner - SSL/TLS Ciphers

Posted on 2016-09-26
Last Modified: 2016-10-16
Hi,

Does anyone know if Qualys Vulnerability Scanner is able to detect the ciphers that are active?

I am looking specifically for 192-bit 3DES ciphers in our environment. I was told Qualys does not track this.

Thanks.
Question by:The Dude
5 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 2000 total points (awarded by participants)
ID: 41817718
They have an equivalent online SSL cipher test to detect weak and existing active ciphers @ https://www.ssllabs.com/ssltest/ so it should have an equivalent mechanism in their scanner services - Qualys Vulnerability mgmt. @ https://www.qualys.com/suite/vulnerability-management/features/

However, the scanner is not an asset inventory; though it may list out the cipher due to a vulnerability, it is not for tracking purposes. What you can likely expect from its scanner service is that it discovers the certificate, which will reveal the cipher implemented in the devices that are reachable in your environment. You can possibly see those from the vulnerability report generated, with the service port open etc., but it surely will not meet your idea of tracking and revealing all existing ciphers if that is your requirement.
https://community.qualys.com/docs/DOC-1068

For e.g. SSL3 is revealed, but they will not reveal directly what the actual cipher associated with it is - one has to check the certificate's supported ciphers.
Asset Search Method

The first and perhaps simplest way is to perform an asset search. Simply go to Vulnerability Management > Assets > Asset Search. Consider searching all asset groups. Alternatively, you may want to limit to only assets scanned within 90 days or external hosts. The important thing is to include only assets that have QID 38116 containing the string “SSLv3_PROTOCOL_IS_ENABLED”.
https://community.qualys.com/thread/13873

Note that Qualys is a cloud-based solution that detects vulnerabilities on all networked assets, including servers, network devices (e.g. routers, switches, firewalls, etc.), peripherals (such as IP-based printers or fax machines) and workstations. They do have the Private Cloud Platform in case the client is not reachable via the internet or needs it within its intranet for scanning. The private cloud platform combines the virtualized Qualys software with a self-contained, internally-redundant cloud appliance. The platform comes pre-configured for your environment, for fast deployment.

Author Comment

by:The Dude
ID: 41817829
Thanks for your feedback.   I don't fully track.

So are you saying that Qualys does not have the ability to find 3DES 192-bit ciphers? Can a rule be created to treat that cipher level as a vulnerability?
LVL 64

Accepted Solution

by:btan
btan earned 2000 total points (awarded by participants)
ID: 41818083
Yes. It cannot find those ciphers. They only surface certificates installed in the devices discovered.

If the said cipher is tagged with a CVE or is a known vulnerability, Qualys scan services, as a vulnerability mgmt tool, may probably surface it, but it does not have a feature to surface 3DES (192 bit or 128 bit). The SSL Labs test will surface the cipher instead of the vul mgmt scan tool.

Qualys's SSL Labs APIs expose the complete SSL/TLS server testing functionality in a programmatic fashion, and they are maintaining ssllabs-scan, an open source command-line scanning tool that doubles as the reference API client. In short, this tool, as the command-line client for the SSL Labs APIs, may be more suited for automated and/or bulk testing for your use case. I do not think the Qualys vul mgmt scanner has this - they are different.

https://www.ssllabs.com/projects/ssllabs-apis/

The API, via the tool, can gather the cipher info, e.g. /getEndpointData?host=www.ssllabs.com&s=173.203.82.166 is used to retrieve detailed endpoint information. It will return a single Endpoint object on success. The object will contain complete assessment information. One of the pieces of information in the object is:
Suite

id - suite RFC ID (e.g., 5)
name - suite name (e.g., TLS_RSA_WITH_RC4_128_SHA)
cipherStrength - suite strength (e.g., 128)
dhStrength - strength of DH params (e.g., 1024)
dhP - DH params, p component
dhG - DH params, g component
dhYs - DH params, Ys component
ecdhBits - ECDH bits
ecdhStrength - ECDH RSA-equivalent strength
q - 0 if the suite is insecure, null otherwise
https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md#suites
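To show how the Suite fields quoted in this answer can be turned into the 3DES inventory the question asks for, here is an added example (not code from the original thread, and not part of ssllabs-scan or the Qualys product). It assumes an Endpoint object has been fetched already and parses a constructed JSON sample whose layout mirrors the documented `details.suites.list` array of Suite objects; the IP address, grade and strength values in the sample are made up. It flags every suite whose name marks it as 3DES and, more generally, reports suites that carry a weak-cipher name marker or that the API itself marks insecure with `q = 0`.

```python
import json

# Constructed sample shaped like the suites portion of an SSL Labs Endpoint
# object (assumed layout: details -> suites -> list of Suite objects carrying
# the id/name/cipherStrength/ecdh*/q fields quoted above). Values are made up;
# suite ids are the IANA numbers for the named suites.
SAMPLE_ENDPOINT_JSON = """
{
  "ipAddress": "192.0.2.10",
  "grade": "B",
  "details": {
    "suites": {
      "preference": true,
      "list": [
        {"id": 49199, "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
         "cipherStrength": 128, "ecdhBits": 256, "ecdhStrength": 3072},
        {"id": 10, "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
         "cipherStrength": 112},
        {"id": 49170, "name": "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
         "cipherStrength": 112, "ecdhBits": 256, "ecdhStrength": 3072},
        {"id": 5, "name": "TLS_RSA_WITH_RC4_128_SHA",
         "cipherStrength": 128, "q": 0}
      ]
    }
  }
}
"""

# Name fragments that identify legacy/weak suites. "_DES_" (with both
# underscores) catches single DES without double-counting 3DES suites.
WEAK_MARKERS = ("3DES", "RC4", "_DES_", "NULL", "EXPORT")


def iter_suites(endpoint):
    """Yield each Suite dict from an Endpoint object.

    Handles details.suites as a single {"list": [...]} object and, defensively,
    as a list of such groups (one per protocol), so either layout works.
    """
    suites = endpoint.get("details", {}).get("suites", [])
    groups = suites if isinstance(suites, list) else [suites]
    for group in groups:
        for suite in group.get("list", []):
            yield suite


def find_3des_suites(endpoint_json):
    """Return (name, id, cipherStrength) for every suite named as 3DES."""
    endpoint = json.loads(endpoint_json)
    return [
        (s["name"], s["id"], s.get("cipherStrength"))
        for s in iter_suites(endpoint)
        if "3DES" in s["name"]
    ]


def weak_suite_report(endpoint_json):
    """Map suite name -> list of reasons it was flagged.

    A suite is flagged when its name carries a weak marker or when the API's
    own q field is 0 (the documented 'insecure' value).
    """
    endpoint = json.loads(endpoint_json)
    report = {}
    for s in iter_suites(endpoint):
        reasons = [m for m in WEAK_MARKERS if m in s["name"]]
        if s.get("q") == 0:
            reasons.append("q=0")
        if reasons:
            report[s["name"]] = reasons
    return report


if __name__ == "__main__":
    for name, suite_id, strength in find_3des_suites(SAMPLE_ENDPOINT_JSON):
        print(f"3DES suite {name} (id {suite_id}, cipherStrength {strength})")
    for name, reasons in weak_suite_report(SAMPLE_ENDPOINT_JSON).items():
        print(f"weak: {name} <- {', '.join(reasons)}")
```

Feeding each Endpoint object returned by getEndpointData (or by ssllabs-scan's JSON output) through `find_3des_suites` gives a per-host list of 3DES suites to track, which is the inventory the vulnerability-management scan does not produce on its own; the name-marker list is deliberately short and should be extended to whatever your policy forbids.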

Author Comment

by:The Dude
ID: 41818120
Thanks!
LVL 64

Expert Comment

by:btan
ID: 41845510
As per advised.