http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://www.wired.com/2014/10/poodle-explained/
https://isc.sans.edu/diary/OpenSSL%3A+SSLv3+POODLE+Vulnerability+Official+Release/18827
https://www.imperialviolet.org/2014/10/14/poodle.html
In response to this, we recently added some SSLv3 queries:
http://blog.securityonion.net/2014/10/new-securityonion-web-page-package-adds.html
Today, we're adding some additional ELSA queries to allow you to see your SSL traffic grouped by version or by cipher.
SSL - Top SSL Versions |
SSL - Top SSL Ciphers |
Today's update will also reconfigure Security Onion's Apache instance to no longer accept connections using SSLv3.
The new package versions are as follows:
securityonion-elsa-extras - 20131117-1ubuntu0securityonion45
securityonion-web-page - 20141015-0ubuntu0securityonion2
Issues Resolved
Issue 629: securityonion-web-page: disable SSLv3 in Apache ssl.conf
https://code.google.com/p/security-onion/issues/detail?id=629
Issue 627: securityonion-web-page: separate syslog-ng into program and host queries
https://code.google.com/p/security-onion/issues/detail?id=627
Issue 631: securityonion-web-page: collapse query categories by default
https://code.google.com/p/security-onion/issues/detail?id=631
Issue 634: securityonion-web-page: add queries for ssl_version and ssl_cipher
https://code.google.com/p/security-onion/issues/detail?id=634
Issue 633: securityonion-elsa-extras: parse ssl_version and ssl_cipher out of Bro ssl.log
https://code.google.com/p/security-onion/issues/detail?id=633
Updating
The new packages are now available in our stable repo. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
Updating with "sudo soup" |
Restarting Apache with "sudo service apache2 restart" |
Verifying that Apache no longer accepts SSLv3 connections |
Thanks
Thanks to Lee Sharp for providing the new collapsible query categories!
Thanks to Eddy Simons and David Zawdie for testing!
Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists
Commercial Support
Need commercial support? Please see:
http://securityonionsolutions.com
Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers
We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion
We also need help testing new packages:
http://groups.google.com/group/security-onion-testing
Thanks!
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.