Improve security of appliance to meet compliance

security PCI HIPAA NIST


#1 Andy Farrior
  • Members
  • 2 posts

Posted 17 January 2020 - 11:20 AM

A recent test with ImmuniWeb shows that the Barracuda Spam Firewall appliance is using some security options that are not PCI, HIPAA, or NIST compliant.

  https://www.immuniweb.com/ssl/

Request addressing these issues in next firmware release.

Issues found:

TLSv1.1:

TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Non-compliant with PCI DSS requirements, Non-compliant with HIPAA guidance, Non-compliant with NIST guidelines

SERVER DOES NOT SUPPORT OCSP STAPLING

The server does not support OCSP stapling for its RSA certificate. Its support allows better verification of the certificate validation status.

Non-compliant with HIPAA guidance, Non-compliant with NIST guidelines

NO SUPPORT FOR COMMON CURVES
The server does not support P-256 or P-384 curves which are required by HIPAA guidance.
Non-compliant with HIPAA guidance, Non-compliant with NIST guidelines

EC_POINT_FORMAT EXTENSION
The server supports elliptic curves but not the EC_POINT_FORMAT TLS extension.
Non-compliant with HIPAA guidance, Non-compliant with NIST guidelines

SERVER DOES NOT HAVE CIPHER PREFERENCE
The server does not prefer cipher suites. We advise enabling this feature in order to enforce use of the best cipher suites selected.
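To turn scanner output like the list above into something actionable, here is an added example (my own Python, not ImmuniWeb's or Barracuda's code) that parses the quoted suite names, records why each one is flagged, and includes a live probe you can point at your own appliance to confirm 3DES is really negotiable; the issue codes and the hostname argument are my own choices.

```python
# Added example (not ImmuniWeb's or Barracuda's code): triage the scan findings quoted above.
import re, socket, ssl

# Constructed from the scan output in the post: protocol -> cipher suites it accepted.
SCAN_FINDINGS = {"TLSv1.1": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                             "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
                             "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"]}
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}  # TLS 1.0/1.1 deprecated by RFC 8996
SUITE_RE = re.compile(r"^TLS_(?P<kex>[A-Z_]+?)_WITH_(?P<cipher>.+)_(?P<mac>SHA\d*|MD5)$")

def parse_suite(name):
    """Split a TLS 1.2-style IANA suite name into key exchange, bulk cipher and MAC."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError("not an IANA TLS 1.2-style suite name: %s" % name)
    return m.groupdict()

def suite_issues(name):
    """Issue codes for one cipher suite, in a fixed order."""
    parts, issues = parse_suite(name), []
    if not parts["kex"].startswith(("ECDHE", "DHE")):
        issues.append("NO_PFS")  # static RSA key exchange: no forward secrecy
    if "3DES" in parts["cipher"]:
        issues.append("3DES")    # 64-bit block cipher (Sweet32); deprecated by NIST
    if "_CBC" in parts["cipher"]:
        issues.append("CBC")     # MAC-then-encrypt; prefer AEAD suites (GCM, CHACHA20)
    return issues

def audit(findings):
    """Map every (protocol, suite) pair from a scan to its issue codes."""
    report = {}
    for proto, suites in findings.items():
        proto_codes = ["LEGACY_PROTOCOL"] if proto in LEGACY_PROTOCOLS else []
        for suite in suites:
            report[(proto, suite)] = proto_codes + suite_issues(suite)
    return report

def server_accepts_3des(host, port=443, timeout=5):
    """Live probe of your own server: offer only 3DES; return the negotiated cipher or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE  # testing ciphers, not the cert
    try:
        ctx.set_ciphers("3DES:@SECLEVEL=0")  # fails if the client's own OpenSSL has no 3DES
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError):
        return None

if __name__ == "__main__":
    for key, codes in audit(SCAN_FINDINGS).items():
        print(key, codes)
```

Run `server_accepts_3des("your-appliance-hostname")` only against a host you administer; a result of None can also mean the probing client's OpenSSL itself refuses 3DES or TLS 1.1, so check that first.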

#2 Michael Manning
  • Members
  • 262 posts
  • Location: Ohio, USA

Posted 24 January 2020 - 09:28 AM

Isn't this the sub forum for the cloud security service, not the appliance?