06-27-2019 03:06 PM - edited 02-20-2020 09:09 PM
Hi,
Recently, Ethical Intruder conducted an audit of our networking gear at our main location. The resulting report identified one of my switches, a WS-C2960S-48FPS-L, as having the following vulnerabilities. I suspect that one or all of these can be resolved by altering the crypto key encryption to 2048. The report has been attached. Can anyone tell me if that is correct and if anything else needs to be done?
06-27-2019 05:10 PM
Hi,
Your switch supports weak ciphers and is vulnerable to some SSL attacks. Altering the key will not resolve the issue. You will need to upgrade the IOS on the switch. What IOS version are you running? What is the output of the command "show ip http server all"?
If not required, disable the HTTP and HTTPS servers on the switch: "no ip http server" and "no ip http secure-server"
Thanks
John
07-01-2019 10:58 AM
Hello,
Thank you for your reply. I had http server disabled, but not https server. I just disabled it. I am running c2960s-universalk9-mz.122-55.SE5, which is the same version as switches that didn't fail the Ethical Intruder audit. The only difference I see between them is the ip https server setting. Anything else that needs to be explored?
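As an added example (not part of any post in this thread), one way to compare the HTTP and HTTPS server settings across saved running-configs of several switches, using the two commands named above. The switch names and config excerpts are constructed; a missing line is reported as "not stated" rather than guessed, because the script assumes nothing about platform defaults, and "show ip http server all" on the device remains the authoritative check.

```python
import re

# Constructed sample running-config excerpts (not from the thread's switches).
SAMPLE_CONFIGS = {
    "sw-a": "hostname sw-a\nno ip http server\nip http secure-server\n!\nline vty 0 4\n",
    "sw-b": "hostname sw-b\nno ip http server\nno ip http secure-server\n!\n",
    "sw-c": "hostname sw-c\n!\nline vty 0 4\n",
}

# The two global commands mentioned in the thread.
SERVICES = {"http": "ip http server", "https": "ip http secure-server"}


def service_state(config_text, command):
    """Return 'enabled', 'disabled' or 'not stated' for one global command."""
    state = "not stated"
    for line in config_text.splitlines():
        # Only strip the right side: indented lines belong to sub-modes
        # and must not be mistaken for the global command.
        match = re.fullmatch(r"(no )?" + re.escape(command), line.rstrip())
        if match:
            state = "disabled" if match.group(1) else "enabled"
    return state


def audit(configs):
    """Map each switch name to the state of its HTTP and HTTPS servers."""
    return {
        name: {svc: service_state(text, cmd) for svc, cmd in SERVICES.items()}
        for name, text in configs.items()
    }


def needs_attention(report):
    """Switches where a web server is enabled or its state is not explicit."""
    return sorted(
        name for name, states in report.items()
        if any(state != "disabled" for state in states.values())
    )


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIGS)
    for name in sorted(report):
        print(name, report[name])
    print("review:", needs_attention(report))
```
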