Compensating controls for BEAST vulnerability
ankurj.hazarika
Member Posts: 56
in Off-Topic
Team - What are some of the compensating controls that can be put into place to mitigate the BEAST vulnerability? My client needs to communicate with a server in another network which cannot disable SSL3.0/TLS1.0 as they are running a legacy application. Please suggest a compensating control.
Thanks,
Ankur
Comments
Verities Member Posts: 1,162
Have your client move the legacy application onto VMware ThinApp:
ThinApp Agentless Application Virtualization: VMware
NotHackingYou Member Posts: 1,460
Is the application delivered through a web browser or thick app? If the client part can do TLS 1.2 but the server end can't, can you front-end the web app with a load balancer like F5? Terminate SSL between the networks with TLS 1.2 and have the F5 hand off to the server on SSL3.
When you go the extra mile, there's no traffic.