Sophos UTM Update 9.209-8 (bugfix for SSL v3 vulnerability)

The new update is available and fixes the SSL vulnerability: News Security Release Disable SSLv3 support in many services to remove vulnerability to SSLv3 protocol vulnerability (“POODLE”, CVE-2014-3566) Improve Up2Date client support for staged rollout of 9.3 Updating to 9.209 will be required to be able to download the 9.2 to 9.3 Up2Date. Information System … Read more

The SSL v3.0 CBC (Poodle) vulnerability and recommended steps

The SSL v3.0 CBC (Poodle) vulnerability does affect the Sophos UTM appliance. The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the “POODLE” issue. So there must be an attacker who needs … Read more

Cisco WLC Aironet Best Practise on data rates

When you have a good coverage of your wifi environment, you can optimise it by disabling lower data rates. Management Frames will be sent at the lowest given mandatory rate, this slows down your whole wifi network within the cells. The default entry for this is 1 Mbps (2.4 GHz). Here are some facts from … Read more

New Sophos SG appliances available!

Sophos announced the new SG models 105, 115 and 550, 660. They also published information about the new access points. AP15 and AP100. The AP 100 fulfils the 802.11ac standard. The SG 1xx w series has built in 802.11ac WiFi! With the new software version 9.3, Sophos implement consolidated reports call “iView” which is, as I think, … Read more