Website security view
Filters
>
Website security
Website security
Filter 1
0 of 9 websites selected
Sort by: Security rating
Certificate security
Server security
Site trust and malware
bbtest.net
Dashboard > Website security > bbtest.net
10
10
3
3
4
Server security would include only vulnerabilities found by the CIC sensor scan
Vulnerability assessment
3
Vulnerability assessment
3
bbtest.net
5
Vulnerabilities
Scanned on Tuesday Oct 23rd 2016
1
Sort by options
Domain name
Security rating
Malware found
Vulnerabilities found
Server issues found
Certificate issues found
We should then sort by domain. For example, if multiple subdomains have a security issue, they would be shown near each other in the list (as shown, bbtest.net is ahead of shop.bbtest.net).
We want to organize the list this way so that people can easily see the health of related sites.
Failed ratings should be sorted at the bottom of the FQDNs with issues.
1
2
We should have 4 main categories we flag on:
Servers with vulnerabilities
Web apps with vulnerabilities
Certificates with vulnerabilities
URLs with malware
We should show when the latest vulnerability was discovered (or if there are none the last scan date)
When a user opens an FQDN we should default them to the first tab (from the left) with issues
7
Web application vulnerabilities would contain the Armorize PDF report from the cloud scan
7
Website name
Certificate security issues
Server issues
Vulnerabilities
Malware
Default filters
5
Malware issues
Scanned on Tuesday Oct 23rd 2016
3
Certificate issues
Scanned on Tuesday Oct 23rd 2016
4
Server issues
Scanned on Tuesday Oct 23rd 2016
**Note: Visuals are not final**
3
If malware is available but not enabled for this site:
Link would take the user to the malware management page where they can enable the scan.
4e
Server security tab
Server security actions menu
| Vulnerability found | Primary action | Actions menu |
| --- | --- | --- |
| Heartbleed | Learn more | NA |
| Beast | Learn more | NA |
| Breach | Learn more | NA |
| Crime | Learn more | NA |
| Drown | Learn more | NA |
| Freak | Learn more | NA |
| Logjam | Learn more | NA |
| Poodle | Learn more | NA |
| RC4 | Learn more | NA |
Cert security rating actions menu (pending)
| Certificate issue | Button? |
| --- | --- |
| Root CA strength less than 2048 | -- |
| Failed SSL rating for certificates having hybrid algorithms like DSA with SHA-256, ECDSA with SHA-256 and RSA root. | -- |
| Failed SSL rating for certificates having DSA/ECC roots | -- |
Global_actions menu:
Actions
Renew
Get new certificate
Save view
Save as new view
Delete views
Filter 2
Issues found
No issues
Not configured
Vulnerabilities found
No vulnerabilities
Not configured
Malware found
No malware
Not configured
3a
3b
If there is a non-Symantec cert, then we should indicate that malware and vulns are not available for it.
Permissions required:
View certificate inventory data
3c
IP address
Filters
Clear all
Has server configuration issues
1
of 10
(Servers 1 to 10 of 6)
Page
Has TLS/SSL server issues
| IP | Port | Issue severity | Server configuration issues | TLS/SSL server issues | Certificates |
| --- | --- | --- | --- | --- | --- |
| 10.212.130.249 | 443 | Critical | Outdated cipher algorithm, weak session key size, Outdated TLS / SSL protocol | BEAST, CRIME, POODLE | 1 |
| 10.212.130.249 | 80 | Critical | Outdated cipher algorithm, weak session key size, Outdated TLS / SSL protocol | BEAST, CRIME | 2 |
| 10.212.130.974 | 389 | Critical | Outdated cipher algorithm, weak session key size | BEAST | 2 |
| 10.212.215.201 | 22 | Critical | Outdated cipher algorithm, weak session key size | CRIME, POODLE | 2 |
| 10.212.245.215 | 143 | Non-critical | Weak session key size, Outdated TLS / SSL protocol | BEAST, POODLE | 1 |
| 10.212.245.216 | 110 | Non-critical | Outdated cipher algorithm | BEAST, CRIME, POODLE | 2 |
| 10.212.245.216 | 110 | Secure | None | None | 2 |
Port
Installed certificates
Server security for 10.212.130.249:443
Dashboard > Website security > bbtest.net > Server security for 10.212.130.249:443
10
10
4
4a
User should be able to filter by issue type, e.g. Beast
By default any IP/ Ports with no issues should be filtered out. User can filter them back in using the filters.
If the TLS / SSL scan is disabled we should show a value of "Not enabled"
4a
4a
User can click on any row to view that server in more detail
4g
If the user clicks View certificate, we open the certificate details view
8b
This would open the cert details page for this cert
4b
Default sort order should be severity:
Critical = TLS / SSL critical issues OR any server configuration issues
Non-critical = TLS / SSL only but non-critical
Secure = No issues
4b
Chain actions menu
| Chain status | Primary action | Actions menu |
| --- | --- | --- |
| Multiple chains | View chains | NA |
| One chain (Valid) | View chain | NA |
| Missing root certificate | View chain | NA |
| Missing intermediate certificate | View chain | NA |
| Invalid certificate status - Revoked | Learn more | NA |
| Invalid certificate status - Expired | Renew certificate (if cert is in renewal window) | View chain (only show view chain if cert is not in renewal window) |
| Invalid certificate status - certificate not yet valid | View chain | NA |
| Additional certificates found | View chain | NA |
| IP | Port | Common name | Security rating | Certificate status |
| --- | --- | --- | --- | --- |
| 10.212.245.216 | 110 | buy.bbtest.net | Failed | Expired |
| 10.212.130.974 | 389 | www.bbtest.net | Failed | Revoked |
| 10.212.130.249 | 443 | www.bbtest.net | At risk | Valid |
| 10.212.130.249 | 80 | ux.bbtest.net | At risk | Valid |
| 10.212.215.201 | 22 | www.bbtest.net | At risk | Valid |
| 10.212.245.215 | 143 | shop.bbtest.net | Secure | Valid |
IP address
Filters
Clear all
Security rating
Certificate status
Port
Common name
Certificate installations
Servers
| Issued thru MSSL? | Discovered? | Is symantec? | Malware | Web app vuln | Cert security | TLS / SSL issues |
| --- | --- | --- | --- | --- | --- | --- |
| Yes | No | Yes | Available | Available | Not available | Not available |
| Yes | Yes | Yes | Available | Available | Available | Available |
| No | Yes | Yes | Not available | Not available | Available | Available |
| No | Yes | No | Not available | Not available | Available | Available |
Site vulnerability and malware scanning conditions
Malware statuses
0
Malware issues
Scanned on Tuesday Oct 23rd 2016
No issues found
Issues found
5
Malware issues
Scanned on Tuesday Oct 23rd 2016
Malware available but not turned on
Turn on malware scanning
Malware not available
Malware scanning is not available for this product
Malware scan error
Malware scan error
Vulnerability statuses
0
Vulnerabilities
Scanned on Tuesday Oct 23rd 2016
No issues found
Issues found
5
Vulnerabilities found
Scanned on Tuesday Oct 23rd 2016
Vulns available but not turned on
Turn on vulnerability assessment
Vulns not available
Vulnerability assessment is not available for this product
Vuln scan error
Vulnerability scan error
Cert security
0
Certificate issues
Scanned on Tuesday Oct 23rd 2016
No issues found
Issues found
5
Certificate issues
Scanned on Tuesday Oct 23rd 2016
Certificate not discovered or scanned
TLS / SSL
0
Server issues
Scanned on Tuesday Oct 23rd 2016
No issues found
Issues found
5
Server issues
Scanned on Tuesday Oct 23rd 2016
Certificate not discovered or scanned
Malware turned on but hasn't scanned yet
Malware
Vulns turned on but hasn't scanned yet
Vulnerabilities
Next scan on Tuesday Oct 23rd 2016
Next scan on Tuesday Oct 23rd 2016
3
2
3c
3b
4c
This column will not be in this phase but we do plan to have it in a future phase. This also includes the filter functionality for "Installed certificates".
4c
Overall rating: At risk
An RSA key size of 1024 bits (or less) is obsolete. Use end entity and intermediate certificates that chain to a root CA certificate with an RSA key size of 2048 bits or larger.
Make sure that all intermediate CA certificates in the chain use the SHA-256 hash algorithm. Modern browsers do not trust certificates that use SHA-1.
Certificate security for 10.212.130.249
Dashboard > Website security > bbtest.net > Certificate security for 10.212.130.249
10
10
Summary
Certificate status
Certificate and chain attributes
3
3
Security risks
Improve your rating
Use an SSL Certificate, preferably an Extended Validation (EV) certificate, that has been authenticated and verified by a trusted Certificate Authority.
To prevent browser warnings, use an SSL certificate with a common name or subject alternative name that contains the fully-qualified domain name of the server that hosts the certificate.
Summary
Certificate status
Certificate and chain attributes
3
3
Security risks
User can click on any row to view that install in more detail
ux.bbtest.net
View certificate details
6
Summary
Certificate status
Certificate and chain attributes
3
3
Security risks
Root CA rating
A DSA key size of 1024 bits (or less) is obsolete. Use end entity and intermediate certificates that chain to a root CA certificate with a DSA key size of 2048 bits or larger.
Google Internet Authority G2 (Intermediate CA) rating
Make sure that all intermediate CA certificates in the chain use the SHA-256 hash algorithm. Modern browsers do not trust certificates that use SHA-1.
CA key strength
RSA 1024
Hash algorithm strength
SHA1
Expiration date
2018-Aug-22-Valid
Use end entity and intermediate certificates that chain to a root CA certificate with an ECC key size of 256 bits or larger.
Geotrust Global CA (Intermediate CA) rating
CA key strength
RSA 2048
CA key strength
RSA 2048
Hash algorithm strength
SHA2 family
Hash algorithm strength
SHA1
Expiration date
2017-Dec-31-Valid
Expiration date
2018-Aug-21-Valid
www.bbtest.net (end entity) rating
Replace certificate
CA key strength
RSA2048
Hash algorithm strength
SHA2 family
Expiration date
2018-Aug-22-Valid
Extended validation
No, Organization validation
bbtest.net aliases to www.bbtest.net
No
To prevent browser warnings, use an SSL certificate with a common name or subject alternative name that contains the fully-qualified domain name of the server that hosts the certificate.
Certificate validity
Validity date current?
Yes
Is the certificate valid?
No
Certificate revocation status verification
www.bbtest.net
OCSP
Google Internet Authority G2
OCSP
Geotrust Global CA
CRL
Summary
Certificate status
Certificate and chain attributes
3
3
Security risks
Single common name in subject field
Yes
No null characters in common name
Yes
Valid certificate content
Yes
Each public key is unique to each certificate in the chain
No
Security risks
-
-
-
-
-
-
8b
Server configuration
TLS/SSL server issues
You are using an outdated protocol. Make sure you have TLS 1.2 protocol enabled on your server.
Cipher algorithm
AES
Session key size
Greater than 256 bits
Transport layer security
TLSv1, SSLv3
Issue
BEAST found 2017-Jan-24
-
-
Certificate chain
Multiple chains
Certificate installed?
Yes (bbtest.net)
View certificate
Application type
Apache HTTP server
Application version
6.1
OS
Microsoft windows server 2008
OS Version
6.1
This server is vulnerable to a BEAST attack. Make sure you have the TLSv1.2 protocol enabled on your server. Disable RC4, MD5, and DES algorithms.
Replace certificate
Critical issues
DROWN found 2017-Jan-24
This server is vulnerable to a DROWN attack. Disable SSLv2 protocol on all servers where the certificate is installed. Contact your web server or appliance vendor for assistance. Symantec recommends TLS v1.2 protocol or higher.
Learn more
Non-critical issues
Issue
SWEET32 found 2017-Jan-24
This server is vulnerable to a SWEET32 attack.
Issue
Learn more
Fix your rating
-
Avoid future issues
-
-
View IX
3a
If vuln scanning is available but not enabled for this site:
Link would take the user to the vulnerability scan management page where they can enable the scan
If cert / Server security rating is available and discovery has been configured but the cert hasn't been scanned:
Link would take the user to the sensors page
If discovery hasn't been set up, it would take the user to the appropriate step in the first-time flow
View chains
4f
4f
4g
5
Click this and it would go to norton dot com site to get the seal (generic link)
8a
8a
4d
We should be able to filter by has issues y / n
4d
Root
Intermediate(s)
EE
| Certificate issue | Button? |
| --- | --- |
| ICA name incorrect under certificate status list and Root CA is not listed | -- |
| Intermediate CA key strength having less than 2048 | -- |
| Intermediate CA hash algorithm weak | -- |
| Expired cert (Intermediate) | Download intermediate |
| Complete chain is not listed when an ICA is missing (ICA missing) | -- |
| Security rating error message if the intermediate CA cert hash algorithm strength is MD5 or MD2 | -- |
| Invalid chain | -- |
| Certificate issue | Button? |
| --- | --- |
| End entity key strength having less than 2048 | Replace certificate |
| SSL Scoring Engine unable to diagnose the issue for certs issued by trusted issuers available in Security Truststore | -- |
| End entity certificate with SHA1 hash algorithm | Replace certificate |
| Error message if the end entity hash algorithm is MD5 or MD2 | Replace certificate |
| Expired cert (EE) | Renew certificate |
| Error message if the end entity hash algorithm strength is unknown. | -- |
| Error message if the end entity has RSA key strength less than 1024 | Replace certificate |
| Revoked certificate | Replace certificate (only show if we know it hasn't been replaced) |
| Security rating error message if there is a null character in the Common Name for the certificate | Replace certificate |
| Self signed | -- |
| Invalid chain | -- |
| Not yet valid | -- |
| Any non-Symantec cert | Replace with Symantec |
| Failed SSL rating for expired certificates | Renew certificate (if it's in the renewal window) |
Issue severity
Vulns available but not turned on
Vulnerability scan not enabled
Turn on vulnerability assessment
Vulns not available
Vuln scan error
Vulns turned on but hasn't scanned yet
Vulnerability scan configured
Next scan on Tuesday Oct 23rd 2016
Malware available but not turned on
Malware scan not enabled
Turn on malware scanning
Malware not available
Malware scan error (for failed and unreachable)
Malware turned on but hasn't scanned yet
Malware scan configured
Next scan on Tuesday Oct 23rd 2016
Cert security rating available but not turned on
Certificate issues
cert security rating not available
This should not happen as adding to discovery scan can always be done
Discover this certificate to scan
Issues found
No issues
Not configured
Certificate installed?
Chain status
primary action
Actions menu
Yes (common name)
View certificate
NA
No
NA
NA
Bulk actions
Set security alert preferences
Actions
Dashboard > Website security > bbtest.net
bbtest.net
SYMANTEC COMPLETE
WEBSITE SECURITY
Pat Smith
Help & Support |
United States |
Certificate security
Server security
Site trust and malware
Vulnerability assessment
3
3
3
Site trust
Get seal code
Norton Secured Seal
Off
Seal-in-Search
Displays the Norton Secured Seal next to your link in search results to show that your website is trusted by Symantec.
Off
Malware found
The Norton Secured Seal and Seal-in-Search for this website are turned off because we found malware on the website.
Issue found on 2017-Jan-24
Solution
Remove the malware from this website. The Norton Secured Seal and Seal-in-Search turn on automatically when the daily malware scan does not find malware on the website.
Malware scanning
Last scan date
2017-Jan-24
Scan point
bbtest.net
Malware found
Page
Actions
bbtest.net/buy
bbtest.net/shop
bbtest.net/UX
View infected code
View infected code
View infected code
Quantity
2
2
4
Status:
Compromised
5
6
Failed pages
0
Site trust
Get seal code
Norton Secured Seal
Off
Seal-in-Search
Displays the Norton Secured Seal next to your link in search results to show that your website is trusted by Symantec.
Off
Scan failed
The Norton Secured Seal and Seal-in-Search for this website are turned off because the last daily malware scan could not find or access one or more of the website's pages.
Status:
Unknown
Solution
Make sure all of the website's pages are publicly accessible and do not require a password. The Norton Secured Seal and Seal-in-Search turn on automatically when the daily malware scan does not find malware on the website.
Solution
Fix the vulnerabilities found in your vulnerability report. The vulnerability assessment status updates automatically after your next weekly vulnerability assessment.
Vulnerability report
Issue found on 2017-Jan-24
{customized report name}
Status:
Not secure
Solution
Status:
Not secure
Make sure your website is publicly accessible and does not require a password. The vulnerability assessment status updates automatically after your next weekly vulnerability assessment.
Link would take the user to the malware / vuln scan tab in the site details
Server security table empty state message
Want to see server's security rating? Set up and run a discovery scan for this server.
Actions
Last successful scan on 2017-Jan-24
Certificate security table empty state message
Want to see certificate's security rating? Set up and run a discovery scan for this certificate.
3f
If they have discovery set up, take them to the sensors page. Otherwise, take them to the first time flow for discovery.
3f
3f
Create summary report
3e
3e
Actions: Set security alert preferences, Create detailed report
Server security for 10.212.130.249:443
Dashboard > Website security > bbtest.net > Server security for 10.212.130.249:443
Server configuration
TLS/SSL server issues
You are using an outdated protocol. Make sure you have TLS 1.2 protocol enabled on your server.
Cipher algorithm
AES
Session key size
Greater than 256 bits
Transport layer security
TLSv1, SSLv3
-
-
Certificate chain
Multiple chains
Certificate installed?
Yes (bbtest.net)
View certificate
Application type
Apache HTTP server
Application version
6.1
OS
Microsoft windows server 2008
OS Version
6.1
View chains
10
10
To see TLS/SSL vulnerability information for this server, update your discovery scan to check for TLS/SSL server issues and scan again.
Server details (discovery scan doesn't include TLS/SSL issues)
4h
4h
Goes to discovery scan set up.
4h
For accurate scan results, make sure there are no firewalls between your sensors and the servers they scan.
Vuln scan secure
Last successful scan on 2017-Jan-24
Status:
Secure
Vulnerability report
{customized report name}
Malware scan secure
Last successful scan on 2017-Jan-24
Status:
Secure
Site trust
Get seal code
Trust seal
On
Seal-in-search
Displays the Norton Secured Seal next to your link in search results to show that your website is trusted by Symantec.
Vulnerabilities found
We found one or more vulnerabilities on your website.
Scan failed
The last vulnerability assessment failed because it could not connect to your website.
Last successful scan on 2017-Jan-24
View infected code
CLOSE
Malware found on
To remove malware from this website
1. Delete the malware shown below and wait for the next scan to confirm that the malware is gone.
2. Change your web server password frequently and restrict access to your web server.
bbtest.net/buy
How can I protect my website from malware?
Infected lines of code
6
Interaction for this:
Open malicious code in a modal popup window
Malware scan error (pending scan)
Site trust
Get seal code
Norton Secured Seal
Off
Seal-in-Search
Displays the Norton Secured Seal next to your link in search results to show that your website is trusted by Symantec.
Off
Scan pending
The Norton Secured Seal and Seal-in-Search for this website are turned off because the website hasn't been scanned yet.
Status:
Unknown
Solution
Wait for the malware scan to run. The Norton Secured Seal and Seal-in-Search turn on automatically when the daily malware scan does not find malware on the website.
Last successful scan on 2017-Jan-24
3. Check your database for other signs of malware injection.
Scan results unavailable
Scan results unavailable
Create detailed report
Actions
This would export the summary report. The only format options available on the reports popup would be XLS and PDF.
This would export the details report. The only format options available on the reports popup would be XLS and PDF.
Server details (discovery scan has not found any TLS / SSL issues)
Server details for 10.212.130.249:443
Dashboard > Website security > bbtest.net > Server details for 10.212.130.249:443
Server configuration
TLS/SSL server issues
Cipher algorithm
AES
Session key size
Greater than 256 bits
Transport layer security
TLSv1
-
-
Certificate chain
Multiple chains
Certificate installed?
Yes (bbtest.net)
View certificate
Application type
Apache HTTP server
Application version
6.1
OS
Microsoft windows server 2008
OS Version
6.1
View chains
No issues found.
Last scanned on 2017-Jan-24
If malware is not available we should hide the malware tab.
If vuln scan is not available we should hide the vuln scan tab.
Malware is scanning another subdomain
Malware scanning is turned on for a different subdomain.
Scan this subdomain