Brocade Fibre Channel Networking Community

Expand all | Collapse all

webtool

  • 1.  webtool

    Posted 02-11-2014 10:55 PM

    Hi i have some questions regarding webtool v6.30

     

    I am curently using the Brocade SAN 5800 switches.

     

    Recently there were some guy doin PENTEST to our switches.

     

    They have found some vulnerabilty.

     

     

    1)Can HTTP TRACE be disabled on the SAN Switch?

         As webtool brocade switches uses a in-built web server, is it possible to configure it to disable HTTP TRACE?

    2)Is there a new version of Apache for the SAN Switch?

    3)Are stronger SSL Ciphers supported on the SAN Switch?

    Apparently,from the test result it show that Weak Cipher is configure on my SAN switch.

    ideally it should be 128 bits key.How do i configure it?

    Accepted SSLv3 56 bits EDH-RSA-DES-CBC-SHA
    Accepted SSLv3 40 bits EXP-EDH-RSA-DES-CBC-SHA
    Accepted SSLv3 56 bits DES-CBC-SHA
    Accepted SSLv3 40 bits EXP-DES-CBC-SHA
    Accepted SSLv3 40 bits EXP-RC2-CBC-MD5
    Accepted SSLv3 40 bits EXP-RC4-MD5
    Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
    Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
    Accepted TLSv1 56 bits DES-CBC-SHA
    Accepted TLSv1 40 bits EXP-DES-CBC-SHA
    Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
    Accepted TLSv1 40 bits EXP-RC4-MD5

     

     


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: webtool

    Posted 02-11-2014 11:24 PM

    Apache and other Features/Applications, are part in FOS Package.

     

    you can find details about the release in Brocade OSCD

     

    http://www.brocade.com/services-support/drivers-downloads/oscd/oscd_listings.page

     

    -->> As webtool brocade switches uses a in-built web server, is it possible to configure it to disable HTTP TRACE?

     

    No. however you van disable the http service, but keep in mind in suche case the webtools is not londer available.

     

    Is there a new version of Apache for the SAN Switch?

     

    yes, I would suggest to upgrade to new FOS release, because v6.3.0 is EOS

     

     

     

     

     

     


    #BrocadeFibreChannelNetworkingCommunity