Joe
asked on
I cannot resolve SSL/TLS vulnerabilities on my network. Server 2008 R2
I have two particular vulnerabilities that were found by our Qualys scan.
Vulnerability 1: SSL/TLS Server supports TLSv1.0
Solution: disable TLS 1.0
What I did. Set the registry entries below.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"Enabled"=dword:00000000
The vulnerability is still showing up.
Vulnerability 2: Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)
Solution: Disable DES and 3DES.
What I did.
Set the following Reg entries:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 168/168]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168]
"Enabled"=dword:00000000
For some reason the vulnerabilities are still showing up on the server. I have followed what I have read on microsoft. I am beginning to think that it is a false positive.
ASKER CERTIFIED SOLUTION
SOLUTION
Assuming you have already rebooted the system, you need to check whether it pertains to an application, as there may be an SSL implementation that is configured separately, as in the case of Apache or those using OpenSSL. Check the server on the service port for SSL and which processes are interacting with it.
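The check suggested above, worked through as an added example (this is not code from the original thread, from Qualys or from HP): it reads back the Schannel registry values from the asker's procedure, maps the flagged port to the process that owns it, and then asks that listener directly whether it will still negotiate TLS 1.0 and which cipher it picks. The port number 2381 and the target name 'localhost' are assumptions taken from the finding; it is written for an elevated PowerShell prompt on Server 2008 R2, which has no Get-NetTCPConnection, so netstat output is parsed instead.

```powershell
# Added example for this thread, not code from the original post or from Qualys/HP.
# Assumptions: 2381 is the port named in the Qualys finding, 'localhost' is a
# placeholder target, and this runs elevated on the scanned server.
param(
    [int]$Port = 2381,
    [string]$TargetHost = 'localhost'   # $Host is a reserved automatic variable, hence the name
)

# 1. Read back the Schannel values the two findings depend on.
function Get-SchannelValue {
    param([string]$SubKey)   # relative to SCHANNEL, e.g. 'Protocols\TLS 1.0\Server'
    $base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\'
    # .NET OpenSubKey treats '/' literally, which matters for key names like 'DES 56/56';
    # the HKLM: provider path may not.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($base + $SubKey)
    if ($null -eq $key) { return "$SubKey : key absent (Schannel default applies)" }
    $enabled = $key.GetValue('Enabled', '<unset>')
    $dbd     = $key.GetValue('DisabledByDefault', '<unset>')
    $key.Close()
    "$SubKey : Enabled=$enabled DisabledByDefault=$dbd"
}

# 2. Which process owns the flagged listener? (Apache/OpenSSL ignore Schannel entirely.)
function Get-ListenerProcess {
    param([int]$Port)
    $pattern = ':{0}\s' -f $Port      # local-address column ends with :<port>
    netstat -ano -p tcp |
        Where-Object { $_ -match 'LISTENING' -and $_ -match $pattern } |
        ForEach-Object {
            $fields = ($_ -split '\s+') | Where-Object { $_ }   # Proto, Local, Foreign, State, PID
            $procId = [int]$fields[4]
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            "Port {0}: PID {1} {2} ({3})" -f $Port, $procId, $proc.ProcessName, $proc.Path
        }
}

# 3. Ask the listener itself: will it complete a handshake at a pinned protocol version?
function Test-TlsProtocol {
    param(
        [string]$ComputerName,
        [int]$Port,
        [System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($ComputerName, $Port)
        # Trust any certificate: we are probing protocol support, not validating the cert.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($ComputerName, $null, $Protocol, $false)
        # CipherAlgorithm of TripleDes here is exactly what the Sweet32 finding is about.
        $result = "{0}: ACCEPTED (negotiated {1}, cipher {2} {3}-bit)" -f `
            $Protocol, $ssl.SslProtocol, $ssl.CipherAlgorithm, $ssl.CipherStrength
        $ssl.Dispose()
        $result
    } catch {
        "{0}: rejected ({1})" -f $Protocol, $_.Exception.GetBaseException().Message
    } finally {
        $client.Close()
    }
}

'--- Schannel registry state ---'
foreach ($sub in 'Protocols\TLS 1.0\Server', 'Protocols\TLS 1.0\Client',
                 'Ciphers\Triple DES 168', 'Ciphers\DES 56/56', 'Ciphers\DES 168/168') {
    Get-SchannelValue -SubKey $sub
}

'--- Listener on the flagged port ---'
Get-ListenerProcess -Port $Port

'--- Handshake probe ---'
# Tls11/Tls12 only exist in the enum on .NET 4.5+, so probe what this box knows about.
foreach ($name in 'Tls', 'Tls11', 'Tls12') {
    if ([Enum]::GetNames([System.Security.Authentication.SslProtocols]) -contains $name) {
        Test-TlsProtocol -ComputerName $TargetHost -Port $Port `
            -Protocol ([System.Security.Authentication.SslProtocols]::$name)
    }
}
```

Two caveats when reading the output. The probe uses the local Schannel client, so it can only offer TLS 1.0 if the TLS 1.0\Client key still permits it: DisabledByDefault=1, as set in the question, only changes what is picked when no version is requested and still allows an explicit request, whereas Enabled=0 under Client would make the probe fail for a reason unrelated to the server. For a view independent of the host, run the same handshake from another machine or with openssl s_client -tls1. And if step 2 shows the port belongs to something that bundles its own Apache/OpenSSL, its TLS and cipher settings live in that product's config, and the Schannel registry keys will never affect it, which is consistent with the finding persisting after the registry change and reboot.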
ASKER
According to the scan it is affecting port 2381. Which is the HP systems management homepage. I just spoke with my boss and he informed me that he's aware of this being out of date and we need to update the SPP.
Looks like it may be the culprit for the finding, and it has a config file using Apache and OpenSSL; better to upgrade.
https://community.saas.hpe.com/t5/Systems-Insight-Manager-Forum/HP-System-Management-Homepage-and-SSL-Server-Allows-Anonymous/m-p/797053
ASKER
The HP homepage needed to be updated. The solutions selected helped resolve other vulnerabilities.