Message 1 of 6

AdminUser history and encryption level

Hi All,

We have been reviewing the security settings around the local admin users' passwords stored on the firewalls, and I'm looking for some additional information on this, if you can help.

I know all our admin passwords are stored within an encrypted format; however, is there any way to find out which level of encryption is used?

i.e. cf adminuser query returns something like this:

     adminuser add crypt_password=_r...CyqwVBs.uFBVrra directory=/home/AdminUser full_name=AdminUser role=admin shell=tcsh username=AdminUser

Also, does the firewall retain a history of previous passwords used, to ensure there is no password reuse in the past 12 months, etc.?

Any information on this would be greatly appreciated.

Thanks

Paul.

1 Solution

Accepted Solutions
Message 2 of 6

Re: AdminUser history and encryption level

Hello Paul,

When you run the "cf adminuser query" or any "cf" command, it typically is accessing the swede database where most of the policy is stored. The database is protected by Type Enforcement. This prevents unauthorized users or processes from accessing this information, though as you mentioned, the passwords are encrypted (and hashed).

To answer your question about previous passwords used, we do not have a function for tracking previous passwords. If enabled though, we can require complex passwords that include a certain amount of special characters, uppercase/lowercase letters, numbers, etc.

Hope this helps,

-Matt

5 Replies
Message 3 of 6

Re: AdminUser history and encryption level

Hi Matt,

Thank you for your response.

Would you happen to know the encryption algorithm and strength used on the database, such as AES 128+, RSA 2048+, ECC, etc.?

In addition to the previous question, I've also been trying to find out if the communication traffic between the McAfee firewall admin console and the firewall (default port = 9003) is encrypted, and what level of encryption is used between these. I can see in Wireshark that the data packets are encrypted, but I cannot see anything within the documentation about this.

Regards

Paul.

Message 4 of 6

Re: AdminUser history and encryption level

Hi Paul,

The Admin Console traffic is encrypted using SSL - you can easily check by connecting to port 9003 using a web browser.

Oliver

Message 5 of 6

Re: AdminUser history and encryption level

Hello,

The database itself is not encrypted, but the Type Enforcement on it is very secure.

I have not tried using the web browser to connect, but that may actually give you some more information. Good idea.

To gather information on what is allowed when connecting to the Admin Console, you can run this command:

     merry:Admn {2} % cf ssl q proxy=cobra
     ssl set proxy=cobra ssl_versions=tls1.2,tls1.1,tls1 cert_authorities='' \
         firewall_certs=cert:Default_SSL_Cert \
         ciphers=DHE-RSA-AES256-SHA256,DHE-RSA-AES256-SHA,AES256-SHA256,AES256-SHA,EDH-RSA-DES-CBC3-SHA,DES-CBC3-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES128-SHA,AES128-SHA256,AES128-SHA,RC4-SHA \
         last_changed_by='system on Tue Jun  2 09:48:22 2015'

Also when you are connected to the Admin Console, you can set what certificate it uses by going to Maintenance>Remote Access Manager.

-Matt
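
One way to review the `cf ssl q` output quoted above offline, as an added example that is not part of the original thread or of the product's tooling: it parses the `ssl set` line and flags protocol versions and OpenSSL-style cipher names that current guidance deprecates (TLS 1.0/1.1 per RFC 8996, RC4 per RFC 7465, 3DES, and suites without ephemeral key exchange). The function names and the accepted-version set are assumptions of this example.

```python
import re

# Output of `cf ssl q proxy=cobra`, copied from the post above.
SAMPLE = r"""ssl set proxy=cobra ssl_versions=tls1.2,tls1.1,tls1 cert_authorities='' \
    firewall_certs=cert:Default_SSL_Cert \
    ciphers=DHE-RSA-AES256-SHA256,DHE-RSA-AES256-SHA,AES256-SHA256,AES256-SHA,EDH-RSA-DES-CBC3-SHA,DES-CBC3-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES128-SHA,AES128-SHA256,AES128-SHA,RC4-SHA \
    last_changed_by='system on Tue Jun  2 09:48:22 2015'"""

# Assumption: the only non-deprecated version token shown in the post; extend as needed.
ACCEPTED_VERSIONS = {"tls1.2"}
# Ephemeral key exchange prefixes in OpenSSL cipher names (EDH is the older spelling of DHE).
FS_PREFIXES = ("DHE-", "EDH-", "ECDHE-")


def parse_ssl_set(text):
    """Turn an `ssl set key=value ...` line with backslash continuations into a dict."""
    joined = re.sub(r"\\\s*\n\s*", " ", text)
    pairs = re.findall(r"(\w+)=('[^']*'|\S+)", joined)
    return {key: value.strip("'") for key, value in pairs}


def audit(text):
    """Return the deprecated versions and weak ciphers found in the config."""
    cfg = parse_ssl_set(text)
    weak_versions = [v for v in cfg.get("ssl_versions", "").split(",")
                     if v and v not in ACCEPTED_VERSIONS]
    weak_ciphers = {}
    for name in filter(None, cfg.get("ciphers", "").split(",")):
        reasons = []
        if "RC4" in name:
            reasons.append("RC4 stream cipher (prohibited by RFC 7465)")
        if "DES-CBC3" in name:
            reasons.append("3DES, 64-bit block (Sweet32)")
        if not name.startswith(FS_PREFIXES):
            reasons.append("no (EC)DHE key exchange: no forward secrecy")
        if reasons:
            weak_ciphers[name] = reasons
    return {"proxy": cfg.get("proxy"), "versions": weak_versions, "ciphers": weak_ciphers}


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("proxy:", report["proxy"])
    print("deprecated protocol versions:", ", ".join(report["versions"]))
    for name, reasons in report["ciphers"].items():
        print(f"{name}: {'; '.join(reasons)}")
```
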

Message 6 of 6

Re: AdminUser history and encryption level

Thank you for the information Matt & Oliver.
