topic Re: Cipher should be replaced at switch in Network Security

Cipher should be replaced at switch

Leftz — Wed, 22 Jun 2022 20:20:39 GMT

Hi We got security vulnerability issue report. We are not sure which cipher should be replaced. http/https are disabled.

Looks like ssh is related with the issue. Anyone can share some suggestions? Thank you

The switch info: CAT3K_CAA-UNIVERSALK9-M, Version 03.06.06E

Security Report says it like the below:

Ciphers using CFB of OFB
Very uncommon, and deprecated because of weaknesses compared to newer cipher chaining modes such as CTR or GCM
RC4 cipher (arcfour, arcfour128, arcfour256)
The RC4 cipher has a cryptographic bias and is no longer considered secure
Ciphers with a 64-bit block size (DES, 3DES, Blowfish, IDEA, CAST)
Ciphers with a 64-bit block size may be vulnerable to birthday attacks (Sweet32)
Key exchange algorithms using DH group 1 (diffie-hellman-group1-sha1, gss-group1-sha1-*)
DH group 1 uses a 1024-bit key which is considered too short and vulnerable to Logjam-style attacks
Key exchange algorithm "rsa1024sha1"
Very uncommon, and deprecated because of the short RSA key size
MAC algorithm "umac-32"
Very uncommon, and deprecated because of the very short MAC length
Cipher "none"
This is available only in SSHv1

Re: Cipher should be replaced at switch

Rob Ingram — Wed, 22 Jun 2022 20:34:28 GMT

@Leftz you should look to upgrade your IOS, version 03.06.06E is very old. The newer IOS versions will support the latest ciphers. Something like the following (if supported by your image) would be more secure.

crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh client algorithm encryption aes256-ctr aes192-ctr aes128-ctr
ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
ip ssh server algorithm mac hmac-sha1
ip ssh dh min size 2048

Re: Cipher should be replaced at switch

Leftz — Wed, 22 Jun 2022 20:38:19 GMT

@Rob Ingram Thank you very much for your reply!

So the below commands should also fix the issue?

Re: Cipher should be replaced at switch

Rob Ingram — Wed, 22 Jun 2022 20:46:35 GMT

@Leftz if supported by your software image, yes.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-8/configuration_guide/sec/b_168_sec_9300_cg/m9_168_sec_secure_shell_algorithms_cg.pdf

You could see if the more secure ciphers such as the following is accepted in your old IOS version:

ip ssh server algorithm mac hmac-sha2-256, hmac-sha2-512, hmac-sha1

SHA2 will be more secure than SHA1.

Re: Cipher should be replaced at switch

Leftz — Wed, 22 Jun 2022 20:49:17 GMT

Thank you very much for your nice explanation. what command can I use to show current cipher that the switch is using?

Re: Cipher should be replaced at switch

Rob Ingram — Wed, 22 Jun 2022 20:51:52 GMT

@Leftz use "show ip ssh"

Re: Cipher should be replaced at switch

Leftz — Wed, 22 Jun 2022 20:54:12 GMT

Ok I got it. Thank you very much!

Re: Cipher should be replaced at switch

Leftz — Thu, 23 Jun 2022 19:58:23 GMT

@Rob Ingram Is it possible to lose ssh connection after adding these cli? thanks

Re: Cipher should be replaced at switch

Rob Ingram — Thu, 23 Jun 2022 20:02:03 GMT

@Leftz yes it is possible, best to do it via console. Test the commands on a local switch, before rolling out remotely.

Ensure you are using an up to date ssh client that supports the ciphers

Re: Cipher should be replaced at switch

Leftz — Thu, 23 Jun 2022 20:16:48 GMT

Thanks Rob. How to rolling out? I do not think reboot without save can rolling out, right?

and can I say all ciphers at client side have to cover ciphers at its server?

Re: Cipher should be replaced at switch

Rob Ingram — Thu, 23 Jun 2022 20:33:18 GMT

@Leftz to rollout I mean you should test all the commands above are accepted by whatever version of IOS-XE you are running on a local switch, that you have console access - confirm they work before rolling out on the remaining switches. A reboot without saving the configuration would reboot with the old settings.

Use the same client and server settings.