Quantcast
Channel: Uninterruptible Power Supplies (UPS)
Viewing all articles
Browse latest Browse all 1648

APC UPS Network Management Card 2 --> TLS 1.2 Only? NOPE.

$
0
0

We've got several APC UPSNetwork Management Card 2s in battery backup units. While they are on a separate management VLAN, I still like buttoning down stuff as much as possible. In this case, it is disabling unused services and enabling TLS 1.2 only for its HTTPS web UI.

Under Network Web Access, you have the option for "Minimum Protocol". I had set them to TLS 1.2 and rebooted them to enact the setting change. When scanning them with Rapid7 Nexpose and checking SSL connectivity via nmap, under firmware version 6.4.0, TLS 1.0, TLS 1.1 and even SSLv3 were all still enabled. WHAT THE HECK?!

So...what to do? Check for a firmware update. Oh, good, a version 6.5.0 came out this summer! Let's install that. Okay, set the "Minimum Protocol" setting back to TLS 1.2 (it had been reset to TLS 1.1 by the firmware update)and let's scan them again.

...


Viewing all articles
Browse latest Browse all 1648

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>