07-03-2019 11:46 PM
There are some VAPT points from one of our customers, which are attached to the email.
My responses on these vulnerability points are as follows:-
1) SSL/TLS Server supports TLSv1.0 :-
We can enable TLSv1.2 in the SSL/TLS profile under Device - SSL/TLS profile and use this profile wherever required.
2) Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32) :-
We can enhance block size of cipher and generate certificate for firewall access.
3) SSL Certificate Expired :-
We can renew the certificate with valid start and end dates.
4) SSL Certificate - Self-Signed Certificate:-
Trusted third party certificate can be installed for this.
5) SSL Certificate - Improper Usage Vulnerability:-
6) SSL Certificate - Signature Verification Failed Vulnerability:-
Trusted third party certificate can be installed for this.
7) HTTP Security Header Not Detected:- Need your response on this.
8) Deprecated SSH Cryptographic Settings:-
We can enable strong ciphers for SSH access of the firewall, i.e. ctr, gcm.
Please check and share your response on this.
Regards
Karthikeyan