Ethical Intruder findings

macgyver0099_1
Level 1

Hi,


Recently, Ethical Intruder conducted an audit of our networking gear at our main location. The resulting report identified one of my switches, a WS-C2960S-48FPS-L, as having the following vulnerabilities. I suspect that one or all of these can be resolved by altering the crypto key encryption to 2048. The report has been attached. Can anyone tell me if that is correct and if anything else needs to be done?

2 Replies

johnd2310
Level 8

Hi,

Your switch supports weak ciphers and is vulnerable to some SSL attacks. Altering the key will not resolve the issue. You will need to upgrade the IOS on the switch. What IOS version are you running? What is the output of the command "show ip http server all"?

If not required, disable the HTTP and HTTPS server on the switch: no ip http server and no ip http secure-server

Thanks

John

**Please rate posts you find helpful**

Hello,

Thank you for your reply. I had http server disabled, but not https server. I just disabled it. I am running c2960s-universalk9-mz.122-55.SE5, which is the same version as switches that didn't fail the Ethical Intruder audit. The only difference I see between them is the ip https server setting. Anything else that needs to be explored?
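Added example, not part of the thread and not code from any poster: a short Python check that reads saved "show running-config" output from several switches and reports which of the two services named in the reply above ("ip http server" and "ip http secure-server") are not explicitly disabled. The hostnames and sample configs are constructed for illustration; a service with no explicit line is reported as unknown rather than guessed, since the default depends on platform and release.

```python
import re

# The two IOS global commands named in the thread, optionally negated.
# Anchored on the whole line so related commands such as
# "ip http secure-port 8443" or "ip http authentication local" do not match.
_CMD = re.compile(r"^(no\s+)?ip\s+http\s+(server|secure-server)\s*$")

SERVICES = {"server": "http", "secure-server": "https"}


def http_server_state(config_text):
    """Return {'http': state, 'https': state} for one saved running-config.

    state is 'enabled', 'disabled', or 'unknown' when no explicit line exists.
    """
    state = {"http": "unknown", "https": "unknown"}
    for raw in config_text.splitlines():
        m = _CMD.match(raw.strip())
        if m:
            # Last matching line wins, as it would if the config were replayed.
            state[SERVICES[m.group(2)]] = "disabled" if m.group(1) else "enabled"
    return state


def audit(configs):
    """Map hostname -> services that are not explicitly disabled."""
    findings = {}
    for host, text in configs.items():
        flagged = [s for s, v in http_server_state(text).items() if v != "disabled"]
        if flagged:
            findings[host] = flagged
    return findings


# Constructed sample configs (hypothetical hostnames, not from the thread).
SAMPLE = {
    "sw-failed": "hostname sw-failed\nno ip http server\nip http secure-server\n"
                 "ip http secure-port 8443\n",
    "sw-passed": "hostname sw-passed\nno ip http server\nno ip http secure-server\n",
    "sw-partial": "hostname sw-partial\nno ip http server\n",
}

if __name__ == "__main__":
    for host, services in audit(SAMPLE).items():
        print(f"{host}: review {', '.join(services)}")
```
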