Compensating controls for BEAST vulnerability

ankurj.hazarika

[FONT=&quot]Team- What are some of the compensating controls that can be put into place to mitigate the BEAST vulnerability? My client needs to communicate to a server in another network which cannot disable SSL3.0/TLS1.0 as they are running a legacy application? Please suggest a compensating control.

Thanks,
Ankur[/FONT]

Verities

Have your client move the legacy application onto VMware Thinapp:

ThinApp Agentless Application Virtualization: VMware

NotHackingYou

Is the application delivered through a web browser or thick app? If the client part can do TLS 1.2 but the server end cant, can you front end the web app with a load balancer like F5? Terminate SSL between the networks with TLS 1.2 and have the F5 hand off to the server on SSL3.