Description

Browser Exploit Against SSL/TLS (BEAST) is an attack that exploits a well-known weakness in the way SSL 3.0 and TLS 1.0 use Cipher Block Chaining (CBC) mode with block ciphers such as AES and 3DES: the CBC initialization vector of each record is the last ciphertext block of the previous record, so an attacker watching the connection knows the IV before the next record is encrypted. TLS 1.1 and later use a fresh, explicit IV per record and are not affected.

BEAST consists of a network sniffer and a JavaScript or applet agent that runs in the victim's browser. It attacks the client side of the SSL/TLS session, not the server's SSL implementation. Once the agent has been loaded into the victim's browser, it makes the browser send attacker-chosen plaintext over the encrypted connection and, with the sniffer capturing the ciphertext, recovers the victim's cookies one byte at a time (at most 256 guesses per byte). It speeds up the process by assuming common cookie names and stops once it has the session identifier cookie. With that cookie, the attacker can hijack the victim's authenticated session.
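The chained-IV flaw and the byte-at-a-time cookie recovery described above, as an added example (this is not code from this article, from FortiWeb, or from the BEAST authors). It uses a 4-round Feistel construction as a stand-in for AES so that it runs without dependencies, models the sniffer and the browser agent as two callbacks that return only ciphertext, and uses a constructed cookie value. The same attack run against a record layer that picks a fresh random IV per record (what TLS 1.1 and later do) fails, which is also why a stream cipher such as RC4, which has no chained IV at all, sidesteps it.

```python
"""BEAST in miniature: SSL 3.0 / TLS 1.0 reuse the last ciphertext block of the
previous record as the CBC IV of the next one, so an attacker who sees the wire
and can make the victim's browser send chosen bytes tests one cookie-byte guess
per record. Added example; not FortiWeb's or BEAST's own code."""
import hashlib
import hmac
import os
from typing import Callable, Optional

BLOCK = 16
COOKIE_HDR = b"Cookie: session="   # exactly 16 bytes, which keeps the alignment arithmetic simple


def _xor(*parts: bytes) -> bytes:
    out = bytearray(parts[0])
    for part in parts[1:]:
        for i, b in enumerate(part):
            out[i] ^= b
    return bytes(out)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel over HMAC-SHA256), used instead
    of AES so the example has no dependencies. BEAST does not exploit the cipher;
    it exploits how the record layer chooses the CBC IV, so any block cipher works."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right


class CbcRecordLayer:
    """Victim-side record encryption. chained_iv=True models TLS 1.0 (the IV of a
    record is the last ciphertext block of the previous one); chained_iv=False
    models TLS 1.1+ (a fresh random IV per record, carried explicitly)."""

    def __init__(self, key: bytes, chained_iv: bool) -> None:
        self.key = key
        self.chained_iv = chained_iv
        self.chain = os.urandom(BLOCK)   # TLS 1.0 derives the first IV from the key block: secret

    def encrypt_record(self, plaintext: bytes) -> bytes:
        pad = BLOCK - len(plaintext) % BLOCK          # TLS-style padding: pad bytes all equal pad-1
        data = plaintext + bytes([pad - 1]) * pad
        prev = self.chain if self.chained_iv else os.urandom(BLOCK)
        out = bytearray()
        for i in range(0, len(data), BLOCK):
            prev = block_encrypt(self.key, _xor(data[i:i + BLOCK], prev))
            out += prev
        self.chain = prev                             # visible on the wire, and TLS 1.0's next IV
        # The explicit IV of the TLS 1.1 case is not returned, so block offsets match in both modes.
        return bytes(out)


def beast_recover(send_request: Callable[[bytes], bytes],
                  send_raw: Callable[[bytes], bytes],
                  secret_len: int) -> Optional[bytes]:
    """The attacker's side. send_request(prefix) makes the browser send
    prefix + COOKIE_HDR + secret (the agent controls the prefix, e.g. the URL path);
    send_raw(data) makes it send exactly `data` (e.g. a WebSocket or applet frame).
    Both return only the ciphertext the sniffer captures."""
    recovered = b""
    for k in range(secret_len):
        prefix = b"A" * ((15 - k) % BLOCK)            # lands secret[k] as the last byte of a block
        ct = send_request(prefix)
        chain = ct[-BLOCK:]                           # TLS 1.0: IV of the next record, in the clear
        start = len(prefix) + len(COOKIE_HDR) + k - 15
        known = (prefix + COOKIE_HDR + recovered)[start:start + 15]
        target, c_prev = ct[start:start + BLOCK], ct[start - BLOCK:start]
        for guess in range(256):
            # E(chosen XOR chain) == E((known || guess) XOR c_prev) == target iff guess is right
            ct_guess = send_raw(_xor(known + bytes([guess]), c_prev, chain))
            chain = ct_guess[-BLOCK:]
            if ct_guess[:BLOCK] == target:
                recovered += bytes([guess])
                break
        else:
            return None                               # no guess matched: the IV was not predictable
    return recovered


def demo(chained_iv: bool, secret: bytes = b"a1b2c3d4e5f6a7b8c9") -> Optional[bytes]:
    """Run the attack against a fresh connection; `secret` is a constructed cookie value."""
    conn = CbcRecordLayer(os.urandom(16), chained_iv)
    conn.encrypt_record(b"GET / HTTP/1.1\r\n")       # earlier traffic; the first record's IV stays secret

    def send_request(prefix: bytes) -> bytes:
        return conn.encrypt_record(prefix + COOKIE_HDR + secret)

    return beast_recover(send_request, conn.encrypt_record, len(secret))


if __name__ == "__main__":
    print("TLS 1.0 chained IV :", demo(True))
    print("TLS 1.1 explicit IV:", demo(False))
```

The attacker never needs the first IV (which TLS 1.0 keeps secret) because every target block sits after at least one ciphertext block, and only the chaining between records is exploited. In the explicit-IV run no guess ever matches, so the recovery gives up on the first byte.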


Scope

FortiWeb MR4 and above


Solution
To mitigate BEAST, the recommended setting is to prioritize RC4 cipher suites so that vulnerable Cipher Block Chaining (CBC) suites are not selected: RC4 is a stream cipher and has no chained IV to exploit. FortiWeb does this by offering the RC4 cipher suite first during the SSL/TLS handshake, so any client that supports RC4 negotiates it. This feature is enabled by default. Note that RC4 has since been shown to have exploitable biases of its own and is prohibited in TLS by RFC 7465; where clients allow it, negotiating TLS 1.1 or later (which uses an explicit per-record IV) is the stronger mitigation, and RC4 prioritization should be treated as a stop-gap for TLS 1.0 clients only.

On the GUI:

Config > Advanced > Prioritize RC4 Cipher Suite


On the CLI:
# config system advanced
# set prioritize-rc4-cipher-suite {enable|disable}
# end

Note that this setting is only available in Reverse Proxy deployments, because that is the mode in which FortiWeb itself negotiates the TLS session with the client and therefore controls the cipher suite order.
