5 Replies Latest reply on Jun 3, 2015 4:32 AM by paulc

    AdminUser history and encryption level


      Hi All,


      We have been reviewing the security settings around the local admin users' passwords stored on the firewalls, and I'm looking for some additional information on this, if you can help.


      I know all our admin passwords are stored within an encrypted format; however, is there any way to find out which level of encryption is used?

      i.e. cf adminuser query returns something like this:

           adminuser add crypt_password=_r...CyqwVBs.uFBVrra directory=/home/AdminUser full_name=AdminUser role=admin shell=tcsh username=AdminUser


      Also, does the firewall retain a history of previous passwords used, to ensure there is no password reuse in the past 12 months, etc.?


      Any information on this would be greatly appreciated.




        • 1. Re: AdminUser history and encryption level

          Hello Paul,


          When you run the "cf adminuser query" or any "cf" command, it typically is accessing the swede database where most of the policy is stored. The database is protected by Type Enforcement. This prevents unauthorized users or processes from accessing this information, though as you mentioned, the passwords are encrypted (and hashed).


          To answer your question about previous passwords used, we do not have a function for tracking previous passwords. If enabled though, we can require complex passwords that include a certain amount of special characters, uppercase/lowercase letters, numbers, etc.


          Hope this helps,



          • 2. Re: AdminUser history and encryption level

            Hi Matt,


            Thank you for your response.

            Would you happen to know the encryption algorithm and strength used on the database, such as AES 128+, RSA 2048+, ECC, etc.?


            In addition to the previous question, I've also been trying to find out if the communication traffic between the McAfee firewall admin console and the firewall (default port = 9003) is encrypted, and what level of encryption is used between these. I can see in Wireshark that the data packets are encrypted, but I cannot see anything within the documentation about this.





            • 3. Re: AdminUser history and encryption level

              Hi Paul,


              The Admin Console traffic is encrypted using SSL - you can easily check by connecting to port 9003 using a web browser.



              • 4. Re: AdminUser history and encryption level



                The database itself is not encrypted, but the Type Enforcement on it is very secure.


                I have not tried using the web browser to connect, but that may actually give you some more information. Good idea.


                To gather information on what is allowed when connecting to the Admin Console, you can run this command:


                merry:Admn {2} % cf ssl q proxy=cobra
                ssl set proxy=cobra ssl_versions=tls1.2,tls1.1,tls1 cert_authorities='' \
                    firewall_certs=cert:Default_SSL_Cert \
                    ciphers=DHE-RSA-AES256-SHA256,DHE-RSA-AES256-SHA,AES256-SHA256,AES256-SHA,EDH-RSA-DES-CBC3-SHA,DES-CBC3-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES128-SHA,AES128-SHA256,AES128-SHA,RC4-SHA \
                    last_changed_by='system on Tue Jun  2 09:48:22 2015'


                Also when you are connected to the Admin Console, you can set what certificate it uses by going to Maintenance>Remote Access Manager.
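
Added example, not part of the original thread or of any poster's reply: a small Python audit of the `cf ssl q proxy=cobra` output quoted in reply 4, flagging the protocol versions and cipher suites in it that are deprecated or lack forward secrecy. The function names and the classification rules are assumptions of this example, keyed on the OpenSSL-style suite names shown in that output.

```python
import re

# Sample input: the "cf ssl q proxy=cobra" output quoted in the thread,
# with the spaces that line wrapping left inside two cipher names removed.
SAMPLE = r"""ssl set proxy=cobra ssl_versions=tls1.2,tls1.1,tls1 cert_authorities='' \
    firewall_certs=cert:Default_SSL_Cert \
    ciphers=DHE-RSA-AES256-SHA256,DHE-RSA-AES256-SHA,AES256-SHA256,AES256-SHA,EDH-RSA-DES-CBC3-SHA,DES-CBC3-SHA,DHE-RSA-AES128-SHA256,DHE-RSA-AES128-SHA,AES128-SHA256,AES128-SHA,RC4-SHA \
    last_changed_by='system on Tue Jun  2 09:48:22 2015'
"""

def parse_cf_line(text):
    """Join backslash-continued lines, then split key=value pairs.

    Values are either single-quoted (may contain spaces) or run to the
    next whitespace. Returns a dict of key -> unquoted value.
    """
    joined = re.sub(r"\\\s*\n\s*", " ", text).strip()
    pairs = re.findall(r"(\w+)=('[^']*'|\S*)", joined)
    return {key: value.strip("'") for key, value in pairs}

def audit(cfg):
    """Return (item, reason) tuples for weak protocol and cipher settings."""
    findings = []
    for version in cfg.get("ssl_versions", "").split(","):
        if version in ("tls1", "tls1.1"):
            findings.append((version, "protocol deprecated by RFC 8996"))
    for suite in filter(None, cfg.get("ciphers", "").split(",")):
        if "RC4" in suite:
            findings.append((suite, "RC4, prohibited in TLS by RFC 7465"))
        elif "DES-CBC3" in suite:
            findings.append((suite, "3DES, 64-bit block cipher"))
        elif not suite.startswith(("DHE-", "EDH-", "ECDHE-")):
            # Assumption: a name without a DH prefix means RSA key transport.
            findings.append((suite, "static RSA key exchange, no forward secrecy"))
    return findings

if __name__ == "__main__":
    config = parse_cf_line(SAMPLE)
    print("proxy:", config["proxy"], "| certificate:", config["firewall_certs"])
    for item, reason in audit(config):
        print(f"  {item:24} {reason}")
```

Suites the audit leaves unflagged in this output are the four DHE-RSA-AES ones; whether the proxy can be restricted to them depends on what the Admin Console client supports.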



                • 5. Re: AdminUser history and encryption level

                  Thank you for the information Matt & Oliver.