
Using the ETA Cryptographic Audit Application (7.0)
Use Case Abstract
Customer situation
In response to the increasing risks to network security, enterprises are making greater use of cryptography to protect
their networks. However, cryptography can present network administrators with new challenges if it is not properly
classified to the appropriate hosts in the organization. Weaknesses in the hash algorithms used can allow attackers to
obtain fraudulent certificates. Improvements in available technology make attacks more feasible. As new attacks are
found, the use of older algorithms is discouraged and support for them must be removed.

Solution
Use the Cisco Stealthwatch® ETA Cryptographic Audit application to monitor the algorithms being used on the network.
Stealthwatch can segment the network into separate host groups. The ETA Cryptographic Audit application can
monitor those host groups to make sure weak ciphers are not being used.

Minimum requirements
The Cisco Stealthwatch system configuration minimum requirements are:

• Visibility of all host-to-host traffic from the core/distribution
• Stealthwatch Release 7.0 or greater

And any one of the following:

• Cisco Catalyst 9300 series or above switch
• ASR 1000 Series Aggregation Services Routers
• 4000 Series Integrated Services Routers
• Cloud Services Router 1000V Series

Stealthwatch App Manager


As of Stealthwatch Release 7.0, Central Management includes an interface called the App Manager. The App Manager
allows you to install applications that are available in the Flexera Download Center. These applications can be installed,
uninstalled, or updated outside of normal Stealthwatch updates.

Access the Central Management interface via the Stealthwatch Management Console (SMC) Web User Interface (UI).

The Central Management page displays. Click on the App Manager tab. Here, you can install, uninstall, or update
Stealthwatch apps.


Using the ETA Cryptographic Audit Application


Use the ETA Cryptographic Audit app to do the following:

• Create a time-range based report on encrypted connections to critical servers. Reports include the following: amount of data, connection types, TLS and crypto algorithms and parameters.
• Investigate the cryptographic parameters between a subject IP (a server) and all of its peers (or clients).
• Confirm the encrypted communication channels used are PCI compliant.
• Create ETA reports for specific hosts through Stealthwatch Flow Search. The results can be exported as CSV.

After installing, the ETA Cryptographic Audit app appears in the Dashboards tab.

The dashboard displays.

Select a time range and a host group to monitor. Click Search.

The audit results display.


We can see from the above results that 4.60% of the traffic is being transferred using TLS 1.0 and the
TLS_DHE_RSA_WITH_AES_128_CBC_SHA cipher suite. The rest is not using any encryption at all. TLS 1.0 is not generally
accepted as secure and should not be allowed within the security policy.

Click on the ellipsis in the Actions column to view the flows for this host.

The results of the flow search display. Notice that host 10.1.1.15 is the host using the unauthorized TLS version.


Return to the ETA Cryptographic Audit App to generate a report or download a CSV of the results. In this scenario, we will
generate a report.

Click Generate report to create a printable report. Click the link "Click here to view the report."

The report opens. Notice that the report contains a summary of host groups.

The report also contains a detail report of each host in the host group.


With these audit results, security administrators can manage the encrypted traffic and cipher suites being used on the
network. They can take action where needed to enforce the encryption policy for the organization.
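
The same policy check can be repeated offline against a CSV downloaded from the app. The following is an added example, not Cisco code or part of the original document: the column names, the sample rows (constructed to resemble the scenario above) and the policy sets are assumptions, so adjust them to the actual export and to your organization's encryption policy.

```python
import csv
import io
from collections import defaultdict

# Constructed sample; the column names are assumptions, not the app's actual CSV schema.
SAMPLE_CSV = """host,peer,tls_version,cipher_suite,bytes
10.1.1.15,10.1.1.40,TLS 1.0,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,4600
10.1.1.15,10.1.1.41,,,95400
10.1.1.20,10.1.1.40,TLS 1.2,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,80000
10.1.1.21,10.1.1.40,TLS 1.2,TLS_RSA_WITH_3DES_EDE_CBC_SHA,1200
"""

# Example policy (an assumption; replace with your organization's encryption policy).
ALLOWED_VERSIONS = {"TLS 1.2", "TLS 1.3"}
WEAK_SUITE_TOKENS = ("_NULL_", "_EXPORT_", "_anon_", "_RC4_", "_DES_", "_3DES_", "_MD5")


def classify(row):
    """Return the policy findings for one flow row (empty list means compliant)."""
    version = row["tls_version"].strip()
    suite = row["cipher_suite"].strip()
    if not version:
        return ["unencrypted"]
    findings = []
    if version not in ALLOWED_VERSIONS:
        findings.append(f"protocol {version}")
    findings += [f"cipher {t.strip('_')}" for t in WEAK_SUITE_TOKENS if t in suite]
    return findings


def audit(csv_text):
    """Map (host, finding) to that finding's percentage of the host's total bytes."""
    totals = defaultdict(int)
    flagged = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        nbytes = int(row["bytes"])
        totals[row["host"]] += nbytes
        for finding in classify(row):
            flagged[(row["host"], finding)] += nbytes
    return {key: round(100 * n / totals[key[0]], 2) for key, n in flagged.items()}


if __name__ == "__main__":
    for (host, finding), pct in sorted(audit(SAMPLE_CSV).items()):
        print(f"{host}: {finding} on {pct:.2f}% of bytes")
```

Hosts with no entry in the result are compliant under the example policy; a host with several findings appears once per finding.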


Additional Resources
The following use cases provide more information on the topics covered in this use case:

• Detecting Malware in Encrypted Traffic
• Detecting Obsolete Encryption Protocols
