by Cody Dumont
October 21, 2014
Encrypting communications is a key part to network security, and SSL is a key component of securing data in motion. SecurityCenter CV is able to identify vulnerable systems before vendors issue patches by viewing scan data and event logs. The latest SSL vulnerability is called POODLE, aka Padding Oracle On Downloaded Legacy Encryption. While the vulnerability has a colorful name, do not let the severity fool you. The systems and users that are the most at risk are the ones that use captive portal pages in published hot spots, where Man-in-the-Middle (MitM) attacks are the most prevalent. This attack vector allows an attacker to extract data from secure HTTP connections. This could allow the attacker to do things such as access online banking or e- mail systems.
This report provides several chapters, including the IE versions and the SSL versions used on the network. With IE 6 being vulnerable, the “Internet Explorer Version Detection” chapter can identify the versions of IE present on the network, while the other chapters focus on the version of SSL used on the network. The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Security Industry Trends. The report requirements are:
- SecurityCenter 4.8.1
- Nessus 5.2.7
- PVS 4.0.2
SecurityCenter Continuous View allows for the most comprehensive and integrated view of network health and provides the most complete solution to identify emerging threats. By utilizing Nessus, the organization can actively discover SSL versions and browser versions. By using the Log Correlation Engine (LCE), the organization can perform deep log analysis to detect possible systems with elevated risk. The Passive Vulnerability Scanner (PVS) brings the ability to quickly identify vulnerabilities in real-time without directly accessing the clients or servers.
Chapters
Executive Summary - This chapter provides a snapshot of the threat posed by SSLv3 and the POODLE vulnerabilities. The information in the first matrix provides a count of vulnerable systems, followed by a matrix of the Internet Explorer versions. The last two charts provide subnet summary view of the top 20 most affected subnets.
Internet Explorer Version Detection - This chapter provides a detailed summary of all networks and hosts running Internet Explorer. For each version of Internet Explorer, there is a separate section, beginning with most current version 11 and stopping with version 3. Each section contains a bar chart and table, showing the network summary and a vulnerability detailed report. The vulnerability detail shows the plugins used to identify the Internet Explorer version and an IP address list of each host with a vulnerability.
SSLv3 Details - This chapter contains detailed information about SSLv3 vulnerabilities. Identifying these vulnerabilities allows system admins to be proactive in mitigation planning as vendors release patches.
POODLE Details - This chapter contains the detailed information about POODLE vulnerabilities. Identifying these vulnerabilities allows system admins to be proactive in mitigation planning as vendors release patches.