Solved

Qualys Vulnerability Scanner - SSL/TLS Ciphers

Posted on 2016-09-26
Last Modified: 2016-10-16
Hi,

Does anyone know if the Qualys Vulnerability Scanner is able to detect the ciphers that are active?

I am looking specifically for 192-bit 3DES ciphers in our environment. I was told Qualys does not track this.

Thanks.
Question by:The Dude
5 Comments
 
LVL 65

Assisted Solution

by:btan
btan earned 2000 total points (awarded by participants)
ID: 41817718
They have an equivalent online SSL cipher test to detect weak and existing active ciphers at https://www.ssllabs.com/ssltest/ so it should have the equivalent mechanism in their scanner service - Qualys Vulnerability Mgmt. at https://www.qualys.com/suite/vulnerability-management/features/

However, the scanner is not an asset inventory; though it may list out the cipher because of a vulnerability, it is not for tracking purposes. What you can likely expect from its scanner service is that it discovers the certificates, which will reveal the ciphers implemented in the devices that are reachable in your environment. You can possibly see those in the vulnerability report generated, with the service port open etc., but it surely will not meet your idea of tracking and revealing all existing ciphers if that is your requirement.
https://community.qualys.com/docs/DOC-1068

For e.g. SSLv3 is revealed, but they will not reveal directly what the actual cipher associated with it is - one has to check the certificate's supported ciphers:
"Asset Search Method

The first and perhaps simplest way is to perform an asset search. Simply go to Vulnerability Management > Assets > Asset Search. Consider searching all asset groups. Alternatively, you may want to limit to only assets scanned within 90 days or external hosts. The important thing is to include only assets that have QID 38116 containing the string “SSLv3_PROTOCOL_IS_ENABLED”."
https://community.qualys.com/thread/13873

Note that Qualys is a cloud-based solution that detects vulnerabilities on all networked assets, including servers, network devices (e.g. routers, switches, firewalls, etc.), peripherals (such as IP-based printers or fax machines) and workstations. They do have the Private Cloud Platform in case the client is not reachable via the internet or will need it for its intranet scanning. The private cloud platform combines the virtualized Qualys software with a self-contained, internally redundant cloud appliance. The platform comes pre-configured for your environment, for fast deployment.
Author Comment

by:The Dude
ID: 41817829
Thanks for your feedback. I don't fully track.

So are you saying that Qualys does not have the ability to find 3DES 192-bit ciphers? Can a rule be created to treat that cipher level as a vulnerability?
LVL 65

Accepted Solution

by:btan
btan earned 2000 total points (awarded by participants)
ID: 41818083
Yes. It cannot find those ciphers. They only surface certificates installed on the devices discovered.

If the said cipher is tagged with a CVE or is a known vulnerability, Qualys scan services, as a Vulnerability mgmt tool, may probably surface it, but it does not have a feature to surface 3DES (192-bit or 128-bit). The SSL Labs test will surface the cipher instead of the Vul mgmt scan tool.

Qualys has SSL Labs APIs that expose the complete SSL/TLS server testing functionality in a programmatic fashion, and they maintain ssllabs-scan, an open source command-line scanning tool that doubles as the reference API client. In short, this tool, as the command-line client for the SSL Labs APIs, may be more suited for automated and/or bulk testing for your use case. I do not think the Qualys Vul mgmt scanner has this - they are different.

https://www.ssllabs.com/projects/ssllabs-apis/

Their supported API via the tool can gather the cipher info, e.g. /getEndpointData?host=www.ssllabs.com&s=173.203.82.166 is used to retrieve detailed endpoint information. It will return a single Endpoint object on success. The object will contain complete assessment information. One of the pieces of information in the "object" is the Suite:
Suite

id - suite RFC ID (e.g., 5)
name - suite name (e.g., TLS_RSA_WITH_RC4_128_SHA)
cipherStrength - suite strength (e.g., 128)
dhStrength - strength of DH params (e.g., 1024)
dhP - DH params, p component
dhG - DH params, g component
dhYs - DH params, Ys component
ecdhBits - ECDH bits
ecdhStrength - ECDH RSA-equivalent strength
q - 0 if the suite is insecure, null otherwise
https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md#suites
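The answer above points at the Suite fields (id, name, cipherStrength) that the SSL Labs API returns per endpoint. The script below is an added example, not code from the thread or from the ssllabs-scan project: it takes an endpoint object of the shape described there (suites under details, each with the quoted field names; the exact nesting, including the v2 "list" key versus the v3 per-protocol groups, is an assumption to be checked against the API docs for the version you run) and reports every 3DES suite the host offers. The sample response is constructed, not captured from a real scan. Note that SSL Labs rates 3DES at 112 bits of effective strength, not the 192-bit key length the question mentions, so a filter on strength alone would miss it; matching the suite name is the reliable check, and the strength threshold is kept as a second, independent view.

```python
"""Flag 3DES cipher suites in SSL Labs-style endpoint data.

Added example; not part of the original thread or the ssllabs-scan project.
The JSON layout (details -> suites -> list of {id, name, cipherStrength})
follows the field names quoted in the answer. The exact nesting is an
assumption: check it against the API docs for the version you use.
"""
import json
import re

# Constructed sample response for one endpoint (not real scan output).
SAMPLE_ENDPOINT_JSON = json.dumps({
    "ipAddress": "203.0.113.10",
    "details": {
        "suites": {
            "list": [
                {"id": 47, "name": "TLS_RSA_WITH_AES_128_CBC_SHA", "cipherStrength": 128},
                {"id": 10, "name": "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "cipherStrength": 112},
                {"id": 22, "name": "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                 "cipherStrength": 112, "dhStrength": 1024},
                {"id": 49199, "name": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 "cipherStrength": 128, "ecdhBits": 256},
            ]
        }
    },
})

# 3DES appears as "3DES" in IANA suite names and as "DES_CBC3" / "DES-CBC3"
# in OpenSSL-style names; match either spelling.
_TRIPLE_DES = re.compile(r"3DES|DES[_-]CBC3", re.IGNORECASE)


def iter_suites(endpoint):
    """Yield suite dicts from an endpoint object, tolerating missing keys.

    Assumption: API v2 nests suites under a "list" key; API v3 returns a
    list of per-protocol groups, each with its own "list".
    """
    suites = endpoint.get("details", {}).get("suites", {})
    if isinstance(suites, dict):
        yield from suites.get("list", [])
    elif isinstance(suites, list):
        for group in suites:
            yield from group.get("list", [])


def find_3des_suites(endpoint_json):
    """Return (id, name, cipherStrength) for every 3DES suite the endpoint offers."""
    endpoint = json.loads(endpoint_json)
    return [
        (s.get("id"), s.get("name"), s.get("cipherStrength"))
        for s in iter_suites(endpoint)
        if _TRIPLE_DES.search(s.get("name", ""))
    ]


def weak_suites(endpoint_json, min_strength=128):
    """Return names of suites whose reported strength is below min_strength bits."""
    endpoint = json.loads(endpoint_json)
    return sorted(
        s["name"] for s in iter_suites(endpoint)
        if s.get("cipherStrength", 0) < min_strength
    )


if __name__ == "__main__":
    for suite_id, name, strength in find_3des_suites(SAMPLE_ENDPOINT_JSON):
        print(f"3DES offered: {name} (id {suite_id}, {strength}-bit)")
```

To use it against real data, save the JSON returned by the getEndpointData call (or by the ssllabs-scan tool) and pass its text to find_3des_suites; running it over a directory of such files gives the per-host 3DES inventory the question asks for, which the vulnerability-management scanner, as the answer notes, does not produce by itself.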
Author Comment

by:The Dude
ID: 41818120
Thanks!
LVL 65

Expert Comment

by:btan
ID: 41845510
As per advised.