sunhux
asked on
How to mitigate against SHA256 hashes if our devices can't support it
Understand EPO & NIDS can't add SHA256 hashes but we would still want to mitigate against them.
How can we go about doing this? So far our EPO could block/prevent creation of certain file extensions
ASKER
Sample SHA256 hashes to mitigate against:
• 899ff9489dde2c5f49d6835625353bfe5ea8ca3195ca01362987a9d4bdac162d
• 91ad7df7cae1c897e309f2cc1a5fad99c274a10e2d1ed2ea7321c72590bb35a7
EPO & IPS only support MD5 hashes
ASKER
Is there any way to translate/convert the SHA256 hashes to say a file name etc so that we can block the filenames instead?
SOLUTION
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks very much: can check if the following 3 MD5 is equiv to the following 3 SHA256 hashes:
MD5:
• 02b5964f93bcd22c4f6cedd64c3b3de3
• 05d3b1a957167d6122e280c959631e89
• 0B8064C1796F0048DF910028E7AC0191
SHA256:
• 0c5e0a81efc0ccc406e5e6eaa222a79b491f4aa2938cf7cc72d0d027b53a9d99
• 1739bdd96b6ec3ad7ef5dbae90ff60cd04aa568ef0af266791ec64815fc7ab8c
• 21b098d721ea88bf237c08cdb5c619aa435046d9143bd4a2c4ec463dcf275cbe
ASKER CERTIFIED SOLUTION
ASKER
Thanks, so can we use the VirusTotal site to convert the SHA256 values to MD5 values & input the MD5 values into our EPO & IPS instead?
SOLUTION
ASKER
are McAfee EPO & IPS
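On the SHA256-to-MD5 question raised in this thread, as an added example that is not part of the original posts: a digest cannot be computed from another digest, so the MD5 for a given SHA256 indicator has to come from hashing the file itself (or from a service that already holds the file). The sketch below assumes you have candidate sample files in a local directory; the function names and the sample data are hypothetical and constructed for illustration.

```python
import hashlib
import os
import tempfile

def file_digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha256_hex) for one file, reading it in chunks."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def md5_for_sha256_iocs(sample_dir, sha256_iocs):
    """Map each wanted SHA-256 to the MD5 of a matching file in sample_dir.

    Indicators with no matching file stay unresolved (value None): only the
    file bytes, not the SHA-256 string, can produce the MD5.
    """
    # Normalise: strip stray spaces from copy/paste and compare in lower case.
    wanted = {h.replace(" ", "").lower() for h in sha256_iocs}
    resolved = dict.fromkeys(wanted)
    for root, _dirs, files in os.walk(sample_dir):
        for name in files:
            md5_hex, sha_hex = file_digests(os.path.join(root, name))
            if sha_hex in wanted:
                resolved[sha_hex] = md5_hex
    return resolved

def demo():
    """Constructed data: two harmless byte strings stand in for sample files."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("a.bin", b"constructed sample A"),
                           ("b.bin", b"constructed sample B")):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        ioc_a = hashlib.sha256(b"constructed sample A").hexdigest()
        ioc_missing = "0" * 64  # placeholder indicator with no file on hand
        return md5_for_sha256_iocs(d, [ioc_a.upper(), ioc_missing]), ioc_a

if __name__ == "__main__":
    result, _ = demo()
    for sha, md5 in result.items():
        print(sha, "->", md5 or "unresolved: need the file")
```

The same pairing check answers whether a listed MD5 and SHA256 belong together: they do only if one file produces both values.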