Register
A security analyst for a bank received an anonymous tip on the external banking website showing the following: ✑ Protocols supported- TLS 1.0- SSL 3- SSL 2 ✑ Cipher suites supported- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH
168k views
5 votes
A security analyst for a bank received an anonymous tip on the external banking website showing the following:

✑ Protocols supported- TLS 1.0- SSL 3- SSL 2
✑ Cipher suites supported- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA-ECDH p256r1- TLS_DHE_RSA_WITH_AES_256_CBC_SHA-DH 1024bit- TLS_RSA_WITH_RC4_128_SHA
✑ TLS_FALLBACK_SCSV non supported✑ POODLE
✑ Weak PFS
✑ OCSP stapling supported

Which of the following should the analyst use to reproduce these findings comprehensively?

A. Query the OCSP responder and review revocation information for the user certificates.
B. Review CA-supported ciphers and inspect the connection through an HTTP proxy.
C. Perform a POODLE (SSLv3) attack using an exploitations framework and inspect the output.
D. Inspect the server certificate and simulate SSL/TLS handshakes for enumeration.

User Aryan Najafi
by
7.8k points

1 Answer

2 votes

Final answer:

The analyst should inspect the server certificate and simulate SSL/TLS handshakes to reproduce the findings about supported protocols and cipher suites. This will verify TLS_FALLBACK_SCSV support, POODLE vulnerability, weak PFS presence, and implement OCSP stapling.

Step-by-step explanation:

The student is asking which method should be used to comprehensively reproduce the security findings related to the bank's external website's encryption protocols and cipher suites. Considering the details provided, the best course of action would be to inspect the server certificate and simulate SSL/TLS handshakes for enumeration. This process will allow the security analyst to identify the supported protocols, cipher suites, and any vulnerabilities like POODLE (related to SSLv3) or issues with weak PFS (Perfect Forward Secrecy).

To perform this task, the analyst might use tools like OpenSSL or testssl.sh to conduct a thorough analysis of the encryption settings. Simulating handshakes will reveal whether TLS_FALLBACK_SCSV is supported, ensuring the protection against downgrading attacks is effective. Additionally, this approach will validate the implementation of OCSP stapling and provide an overall security posture of the TLS implementation on the banking website.

It is crucial to perform these analyses in a controlled and ethical manner, in compliance with legal standards and organizational policies. Reproducing these findings will help the analyst confirm the vulnerabilities and move forward with remediating the issues to secure the bank's website.

User Chirinosky
by
8.1k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

8.8m questions

11.4m answers

Other Questions

Who was Adam Smith ? Anybody?
What can turn igneous rock into sediment?
In what way did the GI Bill contribute to the growth of professional and white-collar jobs ? A.by providing US laborers with new job-training programs B.by giving US veterans assistance to purchase a new
What is the best way to describe a stock market?
You sell popcorn during your schools football games. Knowing that the people usually buy more when the price is lower, how would you price your popcorn after halftime?
Link Copied!