Encryption Vulnerability Security SCAN DS

I created DS instances. While running a security scan for Encryption Vulnerability I found out that the following ports support weak SSL.
port 636/tcp over SSL
port 11163/tcp over SSL
port 32772/tcp over SSL
port 3999/tcp over SSL
port 1636/tcp over SSL
How do I disable ciphers which support cleartext communication? Or what is the fix for this?
Thanks
Pramod

Thanks Fede.
I looked at my dse.ldif file.
It looks like this:
dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSLServerAuth: cert
nsSSL2: off
nsSSL3: on
nsSSL3Ciphers: all
nsKeyfile: alias/slapd-key3.db
nsCertfile: alias/slapd-cert8.db
numSubordinates: 1
nsSSL2 is already off.
Thanks
Pramod
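An added example, not part of the thread and not Directory Server's own tooling: a Python script that parses the cn=encryption entry above from dse.ldif, flags the settings a scanner reports as weak SSL (nsSSL3 on, nsSSL3Ciphers: all) and prints a hardened replacement entry. The cipher identifiers (rsa_aes_128_sha, rsa_aes_256_sha), the -all/+suite list syntax, the nsTLS1 attribute and the weak-suite name fragments are assumptions about the server release; confirm them against your version's documentation, and stop the server before editing dse.ldif.

```python
"""Audit the cn=encryption entry of a Directory Server dse.ldif for weak SSL.

Added example for this thread, not Directory Server's own tooling.  The
cipher identifiers, the -all/+suite syntax, the nsTLS1 attribute and the
weak-suite name fragments are assumptions about the server release.
"""
import re

# Constructed sample: the entry exactly as posted in the thread.
SAMPLE_LDIF = """\
dn: cn=encryption,cn=config
objectClass: top
objectClass: nsEncryptionConfig
cn: encryption
nsSSLSessionTimeout: 0
nsSSLClientAuth: allowed
nsSSLServerAuth: cert
nsSSL2: off
nsSSL3: on
nsSSL3Ciphers: all
nsKeyfile: alias/slapd-key3.db
nsCertfile: alias/slapd-cert8.db
numSubordinates: 1
"""

# Assumed cipher-list value: disable everything, then re-enable AES suites only.
HARDENED_CIPHERS = "-all,+rsa_aes_128_sha,+rsa_aes_256_sha"

# Assumed fragments of weak suite identifiers (NULL, RC4/RC2, 40-bit export, single DES).
WEAK_FRAGMENTS = ("null", "rc4", "rc2", "_40_", "rsa_des_", "fips_des_")


def parse_ldif(text):
    """Split LDIF text into entries; each entry is an ordered list of
    (attribute, value) pairs.  Folded continuation lines are joined first."""
    entries, current = [], []
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = []
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.append((attr.strip(), value.strip()))
    if current:
        entries.append(current)
    return entries


def get_value(entry, attr):
    """First value of attr; LDAP attribute names compare case-insensitively."""
    for name, value in entry:
        if name.lower() == attr.lower():
            return value
    return None


def find_encryption_entry(entries):
    for entry in entries:
        dn = (get_value(entry, "dn") or "").replace(" ", "").lower()
        if dn == "cn=encryption,cn=config":
            return entry
    return None


def audit_encryption(entry):
    """Return (attribute, problem) pairs for settings a scanner reports as weak SSL."""
    findings = []
    if (get_value(entry, "nsSSL2") or "off").lower() != "off":
        findings.append(("nsSSL2", "SSLv2 enabled; the protocol itself is broken"))
    if (get_value(entry, "nsSSL3") or "off").lower() == "on":
        findings.append(("nsSSL3", "SSLv3 enabled; disable it and serve TLS instead"))
    ciphers = (get_value(entry, "nsSSL3Ciphers") or "").lower()
    if ciphers in ("", "all", "+all"):
        findings.append(("nsSSL3Ciphers",
                         "'all' can enable NULL (cleartext) and export-grade suites"))
    else:
        weak = [t for t in ciphers.split(",")
                if t.startswith("+") and any(f in t for f in WEAK_FRAGMENTS)]
        if weak:
            findings.append(("nsSSL3Ciphers",
                             "explicitly enables weak suites: " + ",".join(weak)))
    return findings


def harden(entry):
    """Copy of entry with weak settings replaced.  nsTLS1 is an assumption: if
    your release has no such attribute, keep nsSSL3 on and rely on the cipher list."""
    replacements = {"nsssl2": "off", "nsssl3": "off", "nsssl3ciphers": HARDENED_CIPHERS}
    fixed = [(name, replacements.get(name.lower(), value)) for name, value in entry]
    if get_value(fixed, "nsTLS1") is None:
        fixed.append(("nsTLS1", "on"))
    return fixed


def to_ldif(entry):
    return "\n".join(f"{name}: {value}" for name, value in entry) + "\n"


if __name__ == "__main__":
    enc = find_encryption_entry(parse_ldif(SAMPLE_LDIF))
    for attr, problem in audit_encryption(enc):
        print(f"WEAK  {attr}: {problem}")
    print("\nHardened entry (review the assumptions before applying):\n")
    print(to_ldif(harden(enc)))
```

Run it as-is to audit the sample, or replace SAMPLE_LDIF with the contents of your own dse.ldif. The audit treats nsSSL3Ciphers: all as the finding behind "ciphers which support cleartext communication", because an unrestricted list is what lets NULL-encryption suites be negotiated; nsSSL2 being off, as in the posted entry, is necessary but not sufficient.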

Similar Messages

  • Vulnerability & Compliance Scanning 10 & 11G

    My question is in regards to Oracle Advanced Security or other encryption services that may prevent security scanning of the DBMS. Currently, when OAS is deployed, it prevents us from conducting vulnerability\compliance scanning of the DB using Tenable Nessus. My question is this: is there a way to allow the testing to take place with OAS engaged, and if not, is it such an arduous effort to disable it for 5 minutes and then re-enable it? The reason I'm out here asking is because every DBA I've asked either cannot explain it or will not because they do not want to do it... either way, if I can find an answer I can at least try to talk to them about it.
    Any assistance will be greatly appreciated. Thanks in advance.
    Edited by: 1005664 on May 13, 2013 2:37 PM

    I suggest finding out whether the DBAs are already using Grid Control to monitor patch levels and policy violations. Appendix B of your linked Configuration Benchmark describes what Grid Control can provide, and it is very similar to what you are hoping to get from Nessus.
    DBAs taking steps to prevent scans that they did not initiate sounds like a good group of DBAs doing their job. You are using Nessus to scan for vulnerabilities. Who's to say a malicious user isn't running scans also with some other tool? It sounds like the DBAs are protecting against that possibility. Also, even though you don't have a requirement for TDE, the DBAs (or another part of the company) likely have a very good reason for implementing it. If Nessus proves to be incompatible with TDE, then be open to considering other tools (like Grid Control) that are.
    I encourage you to work with your DBA team, rather than against them or working around them. Understand the tools they may already be using - they likely have the same goals of protecting the system that you do.
    The first step to me would be to review the Benchmark recommendations with the DBA team. They should be able to tell you which policies they follow and why (or why not). Determine together which tools make sense and are compatible in your environment. Then when you find something that is not in line with recommended policies you will already have a rapport where they will be willing to work with you on configuration changes.

  • "SAP Web Dispatcher" & "Weak Encryption Vulnerability"

    Hello everyone,
    First, if I've posted this question in an inappropriate forum, I apologize.  If you'll direct me to a more appropriate forum, I'll post this question there.
    Here's my issue...  we've just installed a set of SAP Web Dispatchers in our DMZ, and we've configured the HTTPS/SSL functionality so that Internet consumers can securely communicate with us.
    We periodically enlist the services of Qualys to scan our Internet touchpoints.  Since we made so many changes to our firewall routing rules & such in order to set up the dispatchers, we thought it would be a good idea to perform a new Qualys scan.
    Unfortunately, their latest scans reveal a "weak encryption vulnerability".  Here's a snippet from the report:
    SSL encryption ciphers are classified based on encryption key length as follows:
    HIGH - key length larger than 128 bits
    MEDIUM - key length equal to 128 bits
    LOW - key length smaller than 128 bits
    Messages encrypted with LOW encryption ciphers are easy to decrypt. Commercial SSL servers should only support MEDIUM or HIGH strength ciphers to guarantee transaction security.
    Their recommended solution for us is to "Disable support for LOW encryption ciphers."  My question to you, in turn, is... How do I do that? 
    We're currently using version 7.00 (patch 167) of the dispatchers, along with SAPCRYPTOLIB version 5.5.5pl24 (11-Jun-2008).  The only time during configuration that I remember specifying a key length was when I used the sapgenpse program to generate the certificate requests.  I always specified 1,024 during that process.
    Anyone have any ideas?
    Thanks,
    ~Fred Claypool, Jr.

    > First, if I've posted this question in an inappropriate forum, I apologize. 
    No problem. If you get no answer here, try also this forum:
    Security
    Regards
    Stefan

  • CF 8- security scan pins fckeditor issue after hotfix applied

    Howdy,
    We're trying to get a new web site launched on CF8. We are running 8.0.1, and I've applied the fckeditor vulnerability hotfix. The hotfix file shows up in the update field and classpath, and the file appears to be located where the hotfix notes say it should be. I removed the two connector files in the hotfix notes, since we don't need fckeditor for uploads.
    Our client is using McAfee Secure to run a security scan on the site, and it repeatedly points up the fckeditor vulnerability, even though the hotfix has been applied.
    I've checked and double checked the hotfix installation, stopped and restarted CF, rebooted the server, and still the scans insist the vulnerability remains.
    I'm about at my wit's end, and the client is ready to pull the project.
    Anybody had this kind of problem? Any ideas?
    Thanks very much for your time and attention.

    Hi,
    It might be because of the "Privacy Service" module which comes along with McAfee; try removing that using the McAfee uninstallation tools.
    HTH

  • Security scans of applications

    We are using FormsCentral for an application for a New York State program.  The state would like to run security scans on the form.  Who can we speak to to give the list of scans that they would like to run?

    New York State IT would like to run the following actions on a form that we want to open for people to fill out for a New York State program.
    They will be using a web vulnerability scanner:
    -Transport Support (Http,https)
    -XSS Vulnerabilities
    -4 Concurrent Connections
    -proper behavior of cookies
    They say this is very basic scanning.  They will not be trying to overload the system with a crawl or attack.

  • SA540 FAILS PCIDSS security scan

    Hi
    We have recently installed an SA540 to replace an aging PIX firewall. The new firewall has failed a routine security scan for PCI DSS compliance. The problem appears to relate to the HTTPS service on the firewall which we need for SSL VPNs and remote management.
    The reasons provided are:
    1. The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years.
    2. The remote service supports the use of weak SSL ciphers
    3. The remote service supports the use of medium strength SSL ciphers
    4. The remote service supports the use of anonymous SSL ciphers – presumably this can be fixed by purchasing an SSL certificate
    Can you disable SSL2.0 and the weaker ciphers?
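An added example, not from the thread, SAP or Cisco: a Python script that applies the key-length bands quoted from the Qualys report in the SAP Web Dispatcher post above (HIGH above 128 bits, MEDIUM at 128, LOW below) and the weak/medium distinction the SA540 scan reports, both to a constructed list of suites and to the suites the local OpenSSL build would offer, before and after an OpenSSL cipher string that drops the LOW suites. The cipher-string syntax is OpenSSL's; the Web Dispatcher's and SA540's own cipher settings are not covered here.

```python
"""Sort TLS cipher suites into the HIGH / MEDIUM / LOW bands a scanner report
uses (key length >128, ==128, <128 bits) and show what dropping LOW leaves.

Added example; not from the thread, SAP or Cisco.  It inspects the local
OpenSSL cipher list through Python's ssl module, so the fix it demonstrates
is OpenSSL cipher-string syntax, not a Web Dispatcher or SA540 setting.
"""
import ssl

BANDS = ("HIGH", "MEDIUM", "LOW")


def band_for(strength_bits):
    """Key-length band exactly as the scanner report defines it."""
    if strength_bits > 128:
        return "HIGH"
    if strength_bits == 128:
        return "MEDIUM"
    return "LOW"


def classify_suites(suites):
    """suites: dicts with 'name' and 'strength_bits', the shape that
    ssl.SSLContext.get_ciphers() returns.  Returns {band: [suite names]}."""
    result = {band: [] for band in BANDS}
    for suite in suites:
        result[band_for(suite["strength_bits"])].append(suite["name"])
    return result


def scanner_verdict(bands):
    """Mirror the report's rule: offer MEDIUM or HIGH suites only."""
    return "FAIL" if bands["LOW"] else "PASS"


def context_bands(cipher_string=None):
    """Band breakdown of the suites a local OpenSSL context would offer,
    optionally after applying an OpenSSL cipher string.  'HIGH:!aNULL:!eNULL'
    keeps OpenSSL's HIGH group (which drops everything OpenSSL rates LOW)
    and also removes anonymous and NULL-encryption suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cipher_string:
        ctx.set_ciphers(cipher_string)
    return classify_suites(ctx.get_ciphers())


# Constructed sample in get_ciphers() shape, including the 40-bit export and
# single-DES suites a scanner classes as LOW on a server that still permits them.
SAMPLE_SUITES = [
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "strength_bits": 256},
    {"name": "AES128-SHA", "strength_bits": 128},
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "strength_bits": 56},
]

if __name__ == "__main__":
    sample = classify_suites(SAMPLE_SUITES)
    print("Constructed sample:", sample, "->", scanner_verdict(sample))
    before = context_bands()
    after = context_bands("HIGH:!aNULL:!eNULL")
    for band in BANDS:
        print(f"{band:6} local default: {len(before[band]):3}"
              f"  after HIGH:!aNULL:!eNULL: {len(after[band]):3}")
    print("Local context after restriction:", scanner_verdict(after))
```

Note that OpenSSL's HIGH keyword is broader than the report's HIGH band: it keeps 128-bit AES suites, which the report counts as MEDIUM, so the restricted context still passes the report's rule but is not ">128-bit only".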

    Hi Keith,
    Can you please let us know what firmware version on SA500 you are using?
    Thanks,
    Nitin

  • RV082 Failing Credit Card processing security scan

    Hello,
    I have an RV082 set up as the home unit for a small business VPN network and the unit is actually in a town 30 miles from my office. I have the web interface set up so I can manage the VPN as well as open and close ports as required for remote desktop access to the facility. We have started processing credit cards with a new vendor and they do a quarterly security scan on the system. I have 2.0.0.19 firmware loaded on it. They are failing my RV082 because it supports less than 128-bit on port 443.
    Is there a way I can configure it to only accept 128 or 256 only?
    I have never worked with the CLI on this unit just the GUI.
    Thanks in advance

    Hello toddah
    It would be very nice if I could access from different locations as I never know where I will be (ip address) when I am needed to provide assistance. I generally log into the firewall and open a RDT port to a specific machine for the duration of the support session and then back out and close the port. I was hoping there was some way configuration wise I could upgrade or limit the encryption strength so I could pass the test and keep things secure.
    I see. You were using RDP ports to access your network, and this process is no longer perceived as PCI compliant. You are correct in that a VPN connection may work for you. Being that you have an RV082, you have 3 options to establish a VPN connection to your RV082's network:
    1. IPSec Client - to - gateway, 2. Cisco Quick VPN, and 3. PPTP VPN. I am unsure as to which method will satisfy PCI compliance thoroughly.
    Will AnyConnect work with the RV082 as a VPN client?
    I have not tested this, so I cannot state whether this will work. I can say that the RV082 allows IPSec VPN connections and works with clients that are built on Windows IPSec policies. In other words, this may work for you, but I would be unable to say for certain.
    You can download the Cisco Quick VPN client from the Cisco.com Website.
    I certainly hope this helps.

  • Security scans on DBMS server still show Java vulnerabilities after applying JavaVM Component patch 20233168

    JavaVM Component patch 19618575 was applied to our Oracle 11.2.0.3 DBMS Windows 8 server and a security scan was done showing no vulnerabilities.
    However, patch 19618575 was rolled back by Bundle Patch 34 (20227195) and Oracle released another JavaVM Component patch 20227195.  We applied the new JavaVM patch successfully and the System Admin did the security scan which showed there was still a vulnerability for the JavaVM Component.
    Is anyone else having this problem?

    Richard,
    I have just applied patch to upgrade from Portal 3.0.9 to 3.0.9.8.1 (Patch applied to loginserver and portal schema) and the External Applications that were previously set up have gone from the portlet.
    Does this relate to your note at the bottom:
    "Minor issues with Bulk action. 1840420 CUSTOM WRITTEN EXTERNAL AUTH MODULE NEED TO BE UPDATED AFTER 3.0.9 UPGRADE SSOXOID.PKB DOESN'T LOAD.
    External authentication modules that were written before 3.0.9 need to be updated after upgrading to 3.0.9. ssoauthx.pks is updated in 3.0.9 and contains additional routines that need to be implemented." ??
    If I go to the "Login Server Administration" portlet and select the link "Administer External Applications" I get a list of 5 External Applications that have previously been set up.
    If I go back to the Home Page and select "customize" on the "External Applications" portlet I get the message "Your Login Server administrator has not registered any external applications".
    Does that mean I should just run 'ssoauthx.pks' & 'ssoxoid.pkb' or do I need to do something else ??
    Thanks
    Simo

  • Security scans

    How do I perform a security scan on a MacBook Pro?
    Is encryption automatic on first use?

    No need to do that > Apple - OS X Mountain Lion - It's built to keep your Mac safe.
    Make sure Gatekeeper is setup...
    Open System Preferences > Security & Privacy then select the General tab.
    Make sure either Mac App Store or Mac App Store and identified developers is selected. If that area is grayed out, click the padlock icon to proceed.
    OS X: About Gatekeeper

  • Security scan

    We're running JRun4 Updater 6 and just had a security scan on our system that lists a Macromedia JRun Oversized URI Buffer Overflow Vulnerability and recommends the mpsb02-12 patch dated back to 2002.
    Doesn't Updater 6 have all cumulative security patches which should cover this vulnerability?

    Sophos Anti-Virus is free for home use:
    http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
    So is ClamXav, free from the App Store:
    http://www.usatoday.com/story/tech/columnist/komando/2013/02/14/tech-myths-mac-software-megapixels-camera/1910521/

  • I opened the attachment on a malicious email in error on my iPad and have been informed by the genuine company that it will download malware software. Is this possible on my iPad or is there a way of running a security scan to see if it has been infected?

    I received an email that I now know to be malicious and inadvertently opened up the attachment on my iPad that I've been informed will download malware or a virus. Can my iPad be infected this way, or does anyone know if there is a way of running a security scan to check if there is a problem? I do have the most up to date iOS software installed.

    There is no anti-malware for iOS, at least none that actually does anything useful. The odds of getting any malware infection via an email attachment on an iOS device is quite low - practically non-existent. Unless you are seeing any issues, there isn't much to do, other than deleting the email and being more cautious in the future.

  • How do I run a security scan on my macbook pro?

    How do I run a security scan on my macbook pro?

    If you have only Mac OS X running, you don't need to run any security scan.
    If any major security risk exists, Apple offers Security Updates.
    Just don't install any applications not needed.
    If you run Windows that is a different story.

  • How to do a security scan on my iPad

    I would like to know how to do a security scan just in case I've downloaded a suspicious app or something. Does anyone know how?

    There is no virus or malware in the wild that can affect an iPad, unless it has been jailbroken. If that is the case in your situation, Terms of Use for the forum prohibit discussion of jailbroken devices.

  • Flashing "Running Security Scan..."

    On Windows 7, 64-bit, MS Office 2010; when I try to launch an online software that integrates a fillable form into my Adobe Acrobat 9 Standard, at the bottom of my IE9 screen, flashing nearly 2 times per second, I see messages that say:  "Running Security Scan...".  I have to quit IE and force Adobe Acrobat to quit to stop it.  How can I fix this so that I can properly run the software?  (It works okay on my old slow XP, 32-bit computer, Office 2007, but the manufacturers say it is not an Office 2010 problem, nor Windows 7, 64-bit).  Also, this happens whether or not my Trend Micro Anti-virus software is running.

    That's something local on your computer or browser; not the Adobe download site.
    Try from http://get.adobe.com/reader/enterprise/

  • 802.1x and Security scanning

    Hello,
    Is it possible for our security team to security scan all hosts on the network if they are using 802.1x authentication? I am trying to ensure that we can meet security scanning requirements and still use the 802.1x port-based authentication function. If not the other alternative is to use port security for end hosts. Any help/advice would be greatly appreciated.
    Thanks

    If you are using open mode, you could put in a permit rule in the pre-auth ACL on the switch port that allows all traffic going to your scanner's IP address. Traffic from the scanner to the device on the switch port is not restricted normally.