https://live.paloaltonetworks.com/t5/advanced-threat-prevention/certificate-vulnerabilities/m-p/439385#M1335 <DIV class="wDYxhc"><DIV class="LGOjhe"><SPAN class="ILfuVd"><SPAN class="hgKElc">Vulnerabilities in SSL Certificate is a<SPAN>&nbsp;</SPAN><STRONG>Self Signed</STRONG><SPAN>&nbsp;</SPAN>is a Medium risk vulnerability that is also high frequency and high visibility. This is the most severe combination of security factors that exists and it is extremely important to find it on your network and fix it as soon as possible.</SPAN></SPAN></DIV></DIV><DIV class="g"><DIV><DIV class="tF2Cxc">&nbsp;</DIV><DIV class="tF2Cxc"><A href="https://www.mybpcreditcard.pro/" target="_self">www.mybpcreditcard.com</A></DIV></DIV></DIV> Fri, 08 Oct 2021 07:10:32 GMT Wallace15 2021-10-08T07:10:32Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/certificate-vulnerabilities/m-p/438679#M1332 <P>I have found several of my network devices are showing up within our vulnerability management scanner with&nbsp;<STRONG>X.509 Certificate Subject CN does not match the entity name&nbsp;</STRONG>as a vulnerability. This is more than likely a DNS issue as I do not have any network devices with DNS records. I have been told conflicting opinions and would like to know how do I find the best practices on this finding. Which one would be the most accurate process that I should follow:&nbsp;</P><OL><LI>It is best practice not to place DNS records on my network devices as it will make them unrecognizable on the public-facing side. Therefore, security by obscurity.&nbsp;</LI><LI>Attempt to place DNS records as this secures all devices and allows for security teams to identify and ensure that these devices are behaving as needed through the SIEM.&nbsp;</LI></OL><P>&nbsp;</P> Tue, 05 Oct 2021 03:30:18 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/certificate-vulnerabilities/m-p/438679#M1332 mcruz10 2021-10-05T03:30:18Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/certificate-vulnerabilities/m-p/439264#M1333 <P>Hello,</P><P>This can be several things or steps to remediate. Yes you should at least be running PKI certs from your internal cert authority, AD is great for this. Also the device that is performing the scans need to have those PKI root certs imported so that it can validate the internal PKI you are using.</P><P>&nbsp;</P><P>Hope I got the question interpreted correctly.</P><P>&nbsp;</P><P>Cheers!</P> Wed, 06 Oct 2021 21:33:39 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/certificate-vulnerabilities/m-p/439264#M1333 OtakarKlier 2021-10-06T21:33:39Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/certificate-vulnerabilities/m-p/439385#M1335 <DIV class="wDYxhc"><DIV class="LGOjhe"><SPAN class="ILfuVd"><SPAN class="hgKElc">Vulnerabilities in SSL Certificate is a<SPAN>&nbsp;</SPAN><STRONG>Self Signed</STRONG><SPAN>&nbsp;</SPAN>is a Medium risk vulnerability that is also high frequency and high visibility. This is the most severe combination of security factors that exists and it is extremely important to find it on your network and fix it as soon as possible.</SPAN></SPAN></DIV></DIV><DIV class="g"><DIV><DIV class="tF2Cxc">&nbsp;</DIV><DIV class="tF2Cxc"><A href="https://www.mybpcreditcard.pro/" target="_self">www.mybpcreditcard.com</A></DIV></DIV></DIV> Fri, 08 Oct 2021 07:10:32 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/certificate-vulnerabilities/m-p/439385#M1335 Wallace15 2021-10-08T07:10:32Z