This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LostBoY
Advisor
‎2019-06-28 06:26 AM

Vulnerability Mitigation for TLS 1.0 and Weak Ciphers

Hello,

I need  instructions to mitigate the following two vulnerabilities from our Gateways : 

1) Enable Support for TLS 1.1 and TLS 1.2 , and disable TLS  1.0

2) Removal of Weak Ciphers

We are using a VSX Cluster environment with R80.10

Also, what could be the after effects after removing these vulnerabilities on the existing production environment.

Please suggest.

 

Thanks

0 Kudos
9 Replies
PhoneBoy
Admin
Admin
‎2019-06-28 12:12 PM

As there isn't one global "use TLSv1.2" and "disable weak ciphers" setting, we need some more context, namely on what ports these issues were found.
The main one the comes up (Gaia WEBUI) isn't relevant on VSX.
0 Kudos
LostBoY
Advisor
‎2019-07-31 03:12 AM
In response to PhoneBoy

thanks for the reply.. vulnerability has been reported on port 443 (TLS 1.0 Protocol Detection) ...discovered on 2 VSX Gateways which are in cluster
0 Kudos
PhoneBoy
Admin
Admin
‎2019-08-02 07:15 AM
In response to LostBoY

What blades are active on this gateway?
Like I said, the main culprit (the Gaia WebUI) is not active on VSX.
0 Kudos
LostBoY
Advisor
‎2019-09-10 02:44 AM
In response to PhoneBoy

AntiBot, Antivirus, IPS
0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2019-09-10 03:54 AM
In response to LostBoY

Maybe also SSL Inspection ? Then see sk126613: Cipherconfiguration tool for R80.x Gateways.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Parmod
Explorer
‎2020-01-16 09:08 AM
In response to G_W_Albrecht

how to remediate TLS vulnerability on checkpoint firewall Virtual interface

 

and sk126613: Cipherconfiguration tool for R80.x Gateways.  is not clearing this requirement @

G_W_Albrecht
0 Kudos
sushilsharma
Explorer
‎2020-02-12 05:42 AM

1) Enable Support for TLS 1.1 and TLS 1.2 , and disable TLS  1.0

Note: I am a novice user, so please check in test setup before applying to production.

Solution: In Smart console menu->Global properties->Advanced->Configure...

Go to portal properties, there it will show option to set max and min ssl version attributes.

There you may change ssl min. version from TLS1.0 to TLS1.1.

---------There is no growth without humility---------
fklim
Explorer
‎2020-08-21 02:01 PM
In response to sushilsharma

awesome, thanks  for sharing

0 Kudos
Prime
Contributor
‎2022-09-22 05:15 AM

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events