Link to home
Start Free TrialLog in
Avatar of sunhux
sunhux

asked on

How to mitigate against SHA256 hashes if our devices can't support it

Understand  EPO & NIDS can't add SHA256 hashes but we wud still want to mitigate against them.

how can we go about doing this?  So far our EPO could block/prevent creation of certain file
extensions
Avatar of sunhux
sunhux

ASKER

The devices that lack this SHA256 hashes support I'm referring to
are McAfee EPO &  IPS
Avatar of sunhux

ASKER

Sample SHA256 hashes to mitigate against :
•        899ff9489dde2c5f49d6835625353bfe5ea8ca3195ca01362987a9d4bdac162d
•        91ad7df7cae1c897e309f2cc1a5fad99c274a10e2d1ed2ea7321c72590bb35a7


EPO & IPS only support MD5 hashes
Avatar of sunhux

ASKER

Is there any way to translate/convert the SHA256 hashes to say a file name etc so that we can block the filenames instead?
SOLUTION
Avatar of btan
btan

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sunhux

ASKER

Thanks very much:  can check if the following 3 MD5 is equiv to the following 3 SHA256 hashes:

MD5:
•        02b5964f93bcd22c4f6cedd64c3b3de3
•        05d3b1a957167d6122e280c959631e89
•        0B8064C1796F0048DF910028E7AC0191

SHA256:
•        0c5e0a81efc0ccc406e5e6eaa222a79b491f4aa2938cf7cc72d0d027b53a9d99
•        1739bdd96b6ec3ad7ef5dbae90ff60cd04aa568ef0af266791ec64815fc7ab8c
•        21b098d721ea88bf237c08cdb5c619aa435046d9143bd4a2c4ec463dcf275cbe
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sunhux

ASKER

Thanks, so can we use the virustotal site to convert the SHA256 values to
MD5 values & input the MD5 values into our EPO & IPS instead?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial