RV016 - SSL too weak Vulnerabilities on network due PCI Compliance

Similar Messages

• Network coverage too weak...

  hey i have iphone 3gs it is on 4.3.4 and its network coverage is to weak the wifi coverage is too weak when i am 3 feet away from the router it gives me 1 signal and i dont get signal on my iphone on the other haand i have ipad 1 it gives it full wifi signal......and it dosent have sim network also it says 'no service' and sometimes when i am on a higher place i get sim network but not more the 3 bars....i just want to know is it harware problem or software??

  Hey shahzebfrompak,
  There are two articles that go over troubleshooting both cellular data connection and Wi-Fi network connections. I would first go over the cellular troubleshooting article:
  iPhone: Troubleshooting a cellular data connection
  http://support.apple.com/kb/TS3780
  If that doesn't resolve the issue, move on to the Wi-Fi article:
  iOS: Troubleshooting Wi-Fi networks and connections
  http://support.apple.com/kb/TS1398
  Take care,
  David

• Failing PCI Compliance Scan - SSL Weak...

  Hello,
  I currently use the WRVS4400n v2 (latest update) for my small business. I store and transmit data that contains credit card information and need to be PCI compliant. Regardless of which settings I change on the router, like turning off remote management, I keep failing the scan. ControlScan uses Nessus and the results are below (2 vulnerabilities).
  I did some research and spent some time with Cisco Sales Chat and they recommended a ASA5500 only to realize that it too had the same vulnerabilities. I did more research and it seemed that the SA520w (I need wireless) would do it but I found a thread on this forum saying that a client who had the SA520w did not pass the scan failed due to SSL vulerability (need v3+ ?). The thread is at https://supportforums.cisco.com/thread./2060512
  Question: What router/appliance should I use to be PCI compliant? Three has to be something, we're talking, this is Cisco.
  Thank you in advance for your help,
  Christophe
  Threat ID: 126928
  Details:
  IP Address: XX.XXX.X.XXX
  Host: XX.XXX.X.XXX
  Path:
  THREAT REFERENCE
  Summary:
  SSL Weak Cipher Suites Supported
  Risk: High (3)
  Type: Nessus
  Port: 60443
  Protocol: TCP
  Threat ID: 126928
  Information From Target:
  Here is the list of weak SSL ciphers supported by the remote server :
  Low Strength Ciphers (< 56-bit key)
  SSLv2
  EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export    
  EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export    
  The fields above are :
  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}
  Solution:
  Reconfigure the affected application if possible to avoid use of weak
  ciphers.Details:
  The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
  Threat ID: 142873
  Details:
  IP Address: XX.XXX.X.XXX
  Host: XX.XXX.X.XXX
  Path:
  THREAT REFERENCE
  Summary:
  SSL Medium Strength Cipher Suites Supported
  Risk: High (3)
  Type: Nessus
  Port: 60443
  Protocol: TCP
  Threat ID: 142873
  Information From Target:
  Here are the medium strength SSL ciphers supported by the remote server :
  Medium Strength Ciphers (>= 56-bit and < 112-bit key)
  SSLv2
  DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5   
  SSLv3
  DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
  TLSv1
  DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
  The fields above are :
  {OpenSSL ciphername}
  Kx={key exchange}
  Au={authentication}
  Enc={symmetric encryption method}
  Mac={message authentication code}
  {export flag}
  Solution:
  Reconfigure the affected application if possible to avoid use of
  medium strength ciphers.Details:
  The remote host  supports the use of SSL ciphers that offer medium strength encryption,  which we currently regard as those with key  lengths at least 56 bits  and less than 112 bits.

  Chris,
  As i understand right now none of the Small Business router are PCI compliance ever since PCI 3.0 was released. How you overcome this; you'll need to forward any ports you are failing on to a ghost IP.. Ghost ip (any ip address that isn 't being used) If you are using those ports , then you will lose that service as the router isn't PCI 3.0 compliant.
  Jason
  I do believe the ASA5505 are PCI 3.0 Compliant.

• Server 2008R2 - SSL Certificate Weak Public Key Strength

  Hello -
  I'm using a Windows 2008R2 server and am working on locking the system down. We use the BeyondTrust Retina Network Security Scanner, the scanner returns two results that I'm having trouble solving.
  The first is finding is:
  'SSL Certificate Weak Public Key Strength'
  "Retina has detected that the certificate on the target supports a  cryptographically weak public key strength. An attacker may be able to leverage weaknesses in the public key strength to gain access to sensitive information."
  "Replace the current certificate with one using a high-grade public key strength of 2048 bits of higher"
  **Does anyone have any ideas how to find all the certificates loaded on the machine that aren't at 2048 bits or higher, the system is a standalone machine without internet access**
  The second finding is:
  'SSL Certificate Self-Signed'
  "Retina has detected that the certificate on target is self-signed. Self-signed certificates can provide underlying cryptographic functionality, but cannot guarantee the origin of the certificate is trusted."
  "Verify the certificate is trusted to ensure the confidentiality and integrity of prior encrypted communications. Replace the current self-signed certificate with one signed by a trusted root certificate authority."
  **Anyone have any ideas how to find 'self-signed' certificates? I've tried searching through the certificates store on the local computer, but I can't seem to find a self-issued certificate, but Retina sure found some.**
  Any help would be greatly appreciated!!
  Thanks,
  Ryan

  A self signed certificate is a certificate which Subject attribute equals Issuer attribute. You can use below script to find selfsigned certificates which is selfsigned and public key is less than 2048 bits.
  Be aware that if you search in all possible certificate stores (including Trusted Root CA store) you will find a lot of self signed certificates. Please see my notes in powershell code.
  #Find self-signed certificate which keysize less than 2048. Uncomment one of the lines below
  #$myCerts = Get-Item Cert:\CurrentUser\My #search in Current User Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\LocalMachine\My #search in Local Machine Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\CurrentUser\* #search in Current User Store - this will bring a lot of cert list
  #$myCerts = Get-Item Cert:\LocalMachine\* #search in Local Machine Store - this will bring a lot of cert list
  $myCerts.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
  $myCertsList = Get-ChildItem $myCerts.PSPath
  $myCertsList | where {$_.Subject -like $_.Issuer -and $_.PublicKey.Key.KeySize -lt 2048} | select * #self-signed and less then 2048
  $myCerts.Close()
  Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

• HP Laserjet M1132 MFP is too slow over the network!

  Hi,
  My HP Laserjet M1132 MFP is too slow over the network!
  I have connect the printer to a windows XP 32bit SP3 using UBS port. The printer works fine on the local computer but when sharing it over the network it works too slow, for example with print test page it takes about 45 seconds to print and for other documents it takes much longer time.
  I have installed the latest driver form HP website and upgrade the firmware it the latest version.
  It happens on other Windows XP machines as well.
  I connected the printer to my laptop (Windows 7 64bit) and it works fine (No delays over the network) and it seems that this problem have some relations with the windows XP Driver.
  I have used local port trick on remote machines (instead of regular method) like this:
  ''add a local printer;
  'new port'
  'localport'
  \\XPcomputer\HPPrinterName as port name
  but still nothing!
  There is nothing wrong with the network, we use to use a Samsung printer on the same machines over the network with no problem.
  I Really appreciate your HELP!
  This question was solved.
  View Solution.

  BEHZAD_T, how is the printer connected to the network (wireless or Ethernet)? If it is slow wirelessly, I would suggest trying to connect the printer to your router with the Ethernet cord and install it to the networked computer that way.
  Another question is, relatively speaking, how close to your router are the Samsung printer and the HP printer? Depending on the distance (and what stands between the devices) there can be a lag between sending a print job and it being received by the printer.
  Let me know!

• Remote's or new iMac's magnet too weak

  In my new iMac either its magnet to hold the remote or the magnet in the remote is too weak. The remote does not stick to the computer like it did with the white iMacs. How come? Is this a case for warranty maybe?

  Heyy,
  No, the new iMac's actually don't have the magnet on the right side to hold the Apple Remote.
  The only magnets there are is around the screen (under the black border(, and they are there to hold the glass there.
  Ramin

• Facing problems with network due which the phone goes into hangs status

  Facing problems with network due which the phone goes into hangs status.  some one help me with switching between 2g and 3G network

  Hi Mani Nair,
  I apologize, I'm a bit unclear on the exact nature of the issue you are describing. If you are talking about having issues with a 3G cellular data network, you may find the troubleshooting steps outlined in the following article helpful:
  iPhone cellular data connection issues
  Regards,
  - Brenden

• I can sometimes connect to my Wi-Fi network, but sometimes the name of the network doesn't even appear when i try to find available networks. Is it possible that my software is too new for the network?

  I can sometimes connect to my Wi-Fi network, but sometimes the name of the network doesn't even appear when i try to find available networks. Is it possible that my software is too new for the network?

  It may be your router is to old. Good read:
  http://www.wi-fiplanet.com/tutorials/7-tips-to-increase-wi-fi-performance.html

• Patching vulnerabilities for PCI compliance

  Hi
  My Apple Profile Manager server has failed a PCI compliance scan, due to the vulnerabilities listed below. The OS and the software are patched to the highest level, but its still failing
  What do i need to do to be able to resolve these? If i can't patch them by Thursday, i'll have to shut down the server
  SSL/TLS use of weak RC4 cipher                                                            CVE-2013-2566         
  OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20140806)    CVE-2014-3512         
                                                                                                                 CVE-2014-3511
                                                                                                                 CVE-2014-3510
                                                                                                                 CVE-2014-3507
                                                                                                                 CVE-2014-3508:
                                                                                                                 CVE-2014-5139:
                                                                                                                 CVE-2014-3509:
                                                                                                                 CVE-2014-3505:
                                                                                                                 CVE-2014-3506
  Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day     CVE-2007-6750

  If your running OS X 10.9.2 as your message indicates then you are not patched to the highest level. (By a long way.)
  OS X 10.9.5 plus Security Update 2014-005 would give you all the current patches for Mavericks. If you upgraded to Yosemite and Server.app 4.0 you would get some further updates. (Server 4.0 would have to be purchased although Yosemite aka. OS X 10.10 itself is free.)
  Even with all of those I suspect some of the issues you list will not be patched. In theory you could manually compile and install patches but this is generally a very bad idea as you will then break compatibility with Apple's own software such as the server configuration tool Server.app and likely break Profile Manager completely and if you use it the Wiki module.
  If you want complete control over patching the software then OS X is not going to let you do this with out as mentioned above severe consequences. Only Linux gives you that level of control. Arguably Windows gives you even less control than OS X as in Windows it is all closed source (Microsoft) software.

• Driver needed for Network controller,PCI Device,SM Bus controller

  Need helpt to get the drivers for win 7 64 bit for Network controller, PCI Device,SM Bus controller, Universal Serial Bus controller, PCI Encryption/Decryption controller

  Hi: For the smbus and usb 3 controllers, download and install the amd chipset drivers and reboot. http://support.amd.com/en-us/download/chipset?os=Windows%207%20-%2064 PCI device: http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-141812-1&cc=us&dlc=en&lc=en&os=4063&product=7174407&sw_lang= PCI Encryption/Decryption controller: Download and run this driver.  Then you have to manually install it. http://h20566.www2.hp.com/hpsc/swd/public/detail?swItemId=vc_133833_1 To manually install the driver, go to the device manager, click on the PCI E/D Controller needing the driver. Click on the driver tab.  Click on update driver.  Select the Browse my computer for driver software option and browse to the driver folder that was created when you ran the file. That folder will be located in C:\SWSetup\sp66974. Make sure the Include Subfolders box is checked and the driver should install.   Then reboot. Network controller...need the hardware ID for that because I don't know what model wireless card your model has. Since there is no wireless driver installed, there should be a device labeled Network Controller in the device manager under an Other Devices category.  The network controller device will have a little ! mark next to it. So, find the network controller device, click on that and then click on the Details tab. Now you see a Property drop down list and it is defaulted to Device Description. Drop down on that list and select the third item (Hardware ID's). Post the top string of characters you see in the window.  

• Bluetooth,Ethernet controller, network controller, PCI device & Unknown devicedrivers not available

  HP Pavilion g6 - 2201Ax
  Windows 7 Ultimate 64 bit
  Hardware IDs:
  1. Bluetooth Controller
  PCI\VEN_1814&DEV_3298&SUBSYS_18EC103C&REV_00
  PCI\VEN_1814&DEV_3298&SUBSYS_18EC103C
  PCI\VEN_1814&DEV_3298&CC_0D1100
  PCI\VEN_1814&DEV_3298&CC_0D11
  2. Ethernet Controller
  PCI\VEN_10EC&DEV_8136&SUBSYS_184AEC103C&REV_05
  PCI\VEN_10EC&DEV_8136&SUBSYS_184AEC103C
  PCI\VEN_10EC&DEV_8136&CC_020000
  PCI\VEN_10EC&DEV_8136&CC_0200
  3. Network Controller
  PCI\VEN_1814&DEV_3290&SUBSYS_18EC103C&REV_00
  PCI\VEN_1814&DEV_3290&SUBSYS_18EC103C
  PCI\VEN_1814&DEV_3290&CC_028000
  PCI\VEN_1814&DEV_3290&CC_0280
  4. PCI device
  PCI\VEN_10EC&DEV_5229&SUBSYS_184AC103C&REV_01
  PCI\VEN_10EC&DEV_5229&SUBSYS_184AC103C
  PCI\VEN_10EC&DEV_5229&CC_FF0000
  PCI\VEN_10EC&DEV_5229&CC_FF00
  5. Unknown device
  ACPI\HPQ0004
  *HPQ0004
  Need to install these drivers for Windows 7 64bit OS.
  This question was solved.
  View Solution.

  Hi:
  HP does not provide any support for previous operating systems on their consumer PC's which is why there are no W7 drivers for your model.
  Below are the drivers you need:
  1. Bluetooth Controller:
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=32...
  2. Ethernet Controller:
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=32...
  3. Network Controller:
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=32...
  4. PCI device:
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=32...
  5. Unknown device:
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=32...
  Did you install the AMD chipset driver to get the smbus controller and usb 3 controllers installed?  First download listed.
  http://support.amd.com/us/gpudownload/windows/Pages/raid_windows.aspx#2
  Do you need the graphics driver?
  If so, here it is.
  http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=32...

• Airport Express is weak extending my network

  I have a 1 year old Airport Extreme (n) and moved into a new longer house, so I bought a new Airport Express (n) yesterday in order to extend the network. After going through the manual setup process, checked "extend this network" on both Extreme and Express, I still find the Express throws off a very weak signal. My computer is 10 feet from the Express and it's only at 2 bars of strength. It's starting to make me think that my computer is trying to connect with the Extreme (other end of the house), not the Express.
  This is somewhat difficult to troubleshoot since both have the same network name.
  Any help?

  Open AirPort Utility and click on the AirPort Extreme. Write down the AirPort ID of the device that you see in the window. Then do the same for the AirPort Express.
  Move your laptop near the AirPort Express. Hold down the option key on your Mac while you click on the fan shaped AirPort icon at the top of the screen. Look for the BSSID. That is the AirPort ID of the device that your Mac is connected to.
  If you are close to the AirPort Express, but see the ID of the AirPort Extreme, you are connected to the AirPort Extreme. Something is wrong with your setup, or the Express may be located too far away from the Extreme to pick up a good signal.
  You want the Express located about 1/2 the distance from the AirPort Extreme to the area that needs more wireless coverage. Try different locations and be sure to restart both the Extreme and Express when you make any location changes.

• Iphone upgrade file is too large for my network space

  Hi
  Does anyone know how to set the disk location that itunes uses for non-music files. My network space is too small for the next iphones upgrade and I can't download it.
  cheers

  Your network space is smaller than 240MB? If it is, that's the smallest allocated space I've ever heard of! Besides, when the update becomes available, you'll be downloading it from Apple's servers directly. If your asking for a place that you can store and then update from, you just have to hold the SHIFT key on a PC or the OPTION/ALT key on a Mac while pressing UPDATE or RESTORE and it will allow you to find the firmware file on your primary C drive or wherever you've placed it.

• Disable SSL v2 and weak cipers on a RV325 for PCI compliance

  How do you disable SSL v2 and weak cipers on a RV325 to become PCI compliant?

  Hello
  per Cisco RVS4000 product site information this router is already end of life since January 30, 2010. Last date of support is also already missed - April 30, 2013. This means that according Cisco policy no further updates to existing firmware will be done - neither security-related fixes. And I am afraid that this is fact with which you have to deal.
  regarding RV320 - it seems that there is no any possibility to restrict SSL/TLS protocol/version by your own in current version. Francis - I would recommend you to open service request to Cisco SMB Support if you still have valid support contract. I hope there is good chance to get it fixed as this security related inability.
  lastly - for all products (including RVS4000) - I would suggest to keep management interface of router separated most as possible - i.e. restrict access to management interface only to single subnet/host(s) only (via Firewall feature). With having administration/management subnet and certain client(s) which is a part of this subnet can help to avoid eavesdropping your connection to router. Of course disabling remote management is the best thing you can do in any case (including avoid of possible firmware bugs, loggin attempts and so on).

• Suddenly our windows 7 clients can't connect to our wireless network due to a cert error?

  Our company uses a Ruckus setup for our wireless network.  The laptops have to have a certificate on them issued from our CA and be a member of AD group.  Yesterday we noticed that nobody could connect to the internal wireless network.  In
  the security logs for the computers there is a this error:
  A request was made to authenticate to a wireless network.
  Subject:
      Security ID:        host/xxx-xxxxxxx
      Account Name:        -
      Account Domain:        -
      Logon ID:        0x0
  Network Information:
      Name (SSID):        Forest River Internal
      Interface GUID:        {53b8a5f4-e910-4e3e-ab88-eb4f46356e1f}
      Local MAC Address:    68:94:23:00:26:1F
      Peer MAC Address:    C4:01:7C:4A:88:58
  Additional Information:
      Reason Code:        Explicit Eap failure received (0x50005)
      Error Code:        0x80420202
      EAP Reason Code:    0x80420202
      EAP Root Cause String:    The authentication failed because certificate required for this network has expired on the server computer
      EAP Error Code:        0x80420202
  this cert was is supposed to be good for another year, is there anyway that I can get the CA server to renew this cert or do I need to issue a new one and distribute it?  The other issue I'm running into is I can't seem to get my CA to issue a new computer
  cert.  All the servers are 08 R2 boxes.

  Hi,
  Do you have any progresses on this issue by now?
  Here is a related KB article below:
  Windows 7 does not connect to an IEEE 802.1X-authenticated network if an invalid certificate is installed
  http://support.microsoft.com/kb/2494172
  Best Regards,
  Amy Wang