How to protect my network from the SSL v3.0 “POODLE” vulnerability?
To address the issue, on the 30th of October 2014 ZyXEL has released new IDP signatures, versions 22.214.171.124 and 126.96.36.199, for its Next-Gen USG Series gateways and ZyWALL Series VPN firewalls. The IDP signatures will enable devices to activate the following protection and guard networks against the POODLE vulnerability by blocking all types of access using the SSL v3.0 protocol.
In the meantime, it is recommended that our customers immediately take steps to disable SSL v3.0 support for applications on both servers and clients. Many applications that use better encryption by default, implement SSL v3.0 support as a fallback option. This should be disabled to prevent malicious users from forcing SSL v3.0 communication in cases where both parties allow it as an acceptable method. End-users can follow the steps described in the following links to preven any mishaps.
Additionally, a new firmware patch will be released in the middle of November 2014 that deactivates the SSL v3.0 setting by factory default. This is to avoid data leakage from communication between client and server.
|USG 1900||Next-Gen Unified Security Gateway-Extreme Series|
|USG 1100||Next-Gen Unified Security Gateway-Extreme Series|
|USG 310||Next-Gen Unified Security Gateway-Advanced Series|
|USG 210||Next-Gen Unified Security Gateway-Advanced Series|
|USG 110||Next-Gen Unified Security Gateway-Advanced Series|
|USG 60W||Next-Gen Unified Security Gateway-Performance Series|
|USG 60||Next-Gen Unified Security Gateway-Performance Series|
|USG 40W||Next-Gen Unified Security Gateway-Performance Series|
|USG 40||Next-Gen Unified Security Gateway-Performance Series|