https://live.paloaltonetworks.com/t5/general-topics/need-response-on-some-vapt-points/m-p/274816#M75194 <P>There are some VAPT points of one of our customer which is attached with the email.</P><P>My response on these vulnerability point are as follow:-</P><P>1)&nbsp;SSL/TLS Server supports TLSv1.0 :-</P><P><SPAN>We can enable TLSv1.2 in SSL/TLS profile under Device -SSL/TLS profile and use these profile wherever required.</SPAN></P><P>2)&nbsp;Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) :-</P><P><SPAN>We can enhance block size of cipher and generate certificate for firewall access.</SPAN></P><P>3)&nbsp;SSL Certificate&nbsp; Expired :-</P><P><SPAN>We can renew certificate with vaild start and end date.</SPAN></P><P>4)&nbsp;SSL Certificate - Self-Signed Certificate:-</P><P><SPAN>Trusted third party certificate can be installed for this.</SPAN></P><P>5)&nbsp;SSL Certificate - Improper Usage Vulnerability:-&nbsp;</P><P>6)&nbsp;SSL Certificate - Signature Verification Failed Vulnerability:-</P><P><SPAN>Trusted third party certificate can be installed for this.</SPAN></P><P>7)&nbsp;HTTP Security Header Not Detected:- Need your response on this.&nbsp;</P><P><span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> Deprecated SSH Cryptographic Settings:-</P><P><SPAN>we can enable strong cipher for ssh access of firewall i.e ctr,gcm.</SPAN></P><P>&nbsp;</P><P>Please check and share your response on this.</P><P>&nbsp;</P><P>Regards</P><P>Karthikeyan&nbsp;</P> Thu, 04 Jul 2019 06:46:32 GMT karthikeyanB 2019-07-04T06:46:32Z https://live.paloaltonetworks.com/t5/general-topics/need-response-on-some-vapt-points/m-p/274816#M75194 <P>There are some VAPT points of one of our customer which is attached with the email.</P><P>My response on these vulnerability point are as follow:-</P><P>1)&nbsp;SSL/TLS Server supports TLSv1.0 :-</P><P><SPAN>We can enable TLSv1.2 in SSL/TLS profile under Device -SSL/TLS profile and use these profile wherever required.</SPAN></P><P>2)&nbsp;Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) :-</P><P><SPAN>We can enhance block size of cipher and generate certificate for firewall access.</SPAN></P><P>3)&nbsp;SSL Certificate&nbsp; Expired :-</P><P><SPAN>We can renew certificate with vaild start and end date.</SPAN></P><P>4)&nbsp;SSL Certificate - Self-Signed Certificate:-</P><P><SPAN>Trusted third party certificate can be installed for this.</SPAN></P><P>5)&nbsp;SSL Certificate - Improper Usage Vulnerability:-&nbsp;</P><P>6)&nbsp;SSL Certificate - Signature Verification Failed Vulnerability:-</P><P><SPAN>Trusted third party certificate can be installed for this.</SPAN></P><P>7)&nbsp;HTTP Security Header Not Detected:- Need your response on this.&nbsp;</P><P><span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span> Deprecated SSH Cryptographic Settings:-</P><P><SPAN>we can enable strong cipher for ssh access of firewall i.e ctr,gcm.</SPAN></P><P>&nbsp;</P><P>Please check and share your response on this.</P><P>&nbsp;</P><P>Regards</P><P>Karthikeyan&nbsp;</P> Thu, 04 Jul 2019 06:46:32 GMT https://live.paloaltonetworks.com/t5/general-topics/need-response-on-some-vapt-points/m-p/274816#M75194 karthikeyanB 2019-07-04T06:46:32Z https://live.paloaltonetworks.com/t5/general-topics/need-response-on-some-vapt-points/m-p/275131#M75234 <P>Hello,</P><P>Not sure what the question is, but the points are correct from what I can tell.</P><P>&nbsp;</P><P>Regards,</P> Fri, 05 Jul 2019 17:01:04 GMT https://live.paloaltonetworks.com/t5/general-topics/need-response-on-some-vapt-points/m-p/275131#M75234 OtakarKlier 2019-07-05T17:01:04Z