03 19 2013 19:10:40 10.128.68.92 Juniper: 2013-03-19 19:10:40 – JuniperFirewall01 – [] ()[Standard User Profile] – Requesting user to confirm access to invalid SSL site – Host: 10.1.0.50, Port: 443, Request: GET /index.php HTTP/1.1
Here’s an interesting event we caught this week. In this case, a Juniper Firewall has identified a user accepting an invalid SSL cert. This could be a sign of a man-in-the-middle attack or spoofed website.
The Juniper can be configured to explicitly deny this traffic, but in this case is allowing the traffic and logging the activity. This will add flexibility to your Juniper deployment as you can give your users permission to accept certificates but still audit the activity later.
Businesses need to stay proactive to protect their infrastructure from emerging attack vectors. LogRhythm provides a cybersecurity…
The combined company will bring together two cybersecurity SIEM and UEBA innovation leaders with renowned…
Security teams face the challenge of staying ahead of new and advanced threats. By harnessing…