Alteryx Server Hardening

stuartpollicott
6 - Meteoroid

Hi all, just installed a one-machine Alteryx Server on Windows Server. So.... We then perform security scans with Qualys and the following vulnerability has come up, but I can find NO hardening guides from Alteryx, unlike Tableau, who have a good one....

What can I do to remove this vulnerability?

"CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081

The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions.

An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack.

For updates refer to the robot advisory ROBOT (https://robotattack.org/)

 Patch:
Following are links for downloading patches to fix the vulnerabilities:
  ROBOT (https://robotattack.org/)"

TrevorS
Alteryx Alumni (Retired)

Hello stuartpollicott,

Thank you for providing us with this information. I have reached out to my Support team to look into this further, and someone should be in touch with you soon!
Please let me know if there is anything else I can do for you.

TrevorS

Community Moderator
rpalumbo
5 - Atom

Have there been any updates on this post?

Also what version of Alteryx Server are you using?

Thanks!

ChristianR
Alteryx Alumni (Retired)

I am happy to share the following feedback from my team regarding the above request:

If you just need to know how to restrict the insecure ciphers, you can follow the instructions at the top of this page. Those instructions use gpedit.msc to enable the cipher suite order and put in a new string for the negotiation order.

Available/preferred cipher suites, protocols, etc. are managed by the Schannel configuration within Windows and not our software. We recommend securing Schannel just as you would with any other Windows server. We recommend using IIS Crypto as it makes changing these settings really easy, but of course you should consult with your Windows Security Admin first.

Christian Rincon
Manager, Customer Support
Alteryx, Inc.
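
One way to check a Windows host for the RSA key-exchange cipher suites that the ROBOT finding concerns, and to build a cipher suite order string without them. This is an added example, not part of the thread or Alteryx's own guidance. It assumes Windows Server 2016 or later (for the TLS PowerShell module); the `-Apply` switch and variable names are made up for this example, and the registry path is where the Group Policy "SSL Cipher Suite Order" setting is stored.

```powershell
# Added example (not from the thread): report static-RSA key exchange suites in Schannel.
# Read-only by default; -Apply is a switch made up for this example.
[CmdletBinding()]
param([switch]$Apply)

# TLS_RSA_* = RSA encryption key exchange, the mode ROBOT targets.
# TLS_ECDHE_RSA_* / TLS_DHE_RSA_* use RSA only for signatures and do not match.
$pattern = 'TLS_RSA_*'

# 1. Suites currently enabled on this host (TLS module, assumed Windows Server 2016+).
$enabled   = @(Get-TlsCipherSuite | Select-Object -ExpandProperty Name)
$staticRsa = @($enabled | Where-Object { $_ -like $pattern })

"{0} suites enabled, {1} use static RSA key exchange:" -f $enabled.Count, $staticRsa.Count
$staticRsa | ForEach-Object { "  $_" }

# 2. If the gpedit.msc 'SSL Cipher Suite Order' policy is set, it is stored here as a
#    comma-separated string. Print the same order with the static-RSA suites removed.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$policy = (Get-ItemProperty -Path $policyKey -Name Functions -ErrorAction SilentlyContinue).Functions
if ($policy) {
    $order = @((@($policy) -join ',') -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $kept  = @($order | Where-Object { $_ -notlike $pattern })
    if ($kept.Count -eq 0) {
        Write-Warning 'Policy lists only static-RSA suites; add ECDHE suites before removing them.'
    } else {
        'Proposed policy string:'
        $kept -join ','
    }
} else {
    'No cipher suite order policy is configured.'
}

# 3. Optionally disable the suites found in step 1.
if ($Apply) {
    if ($staticRsa.Count -eq $enabled.Count) {
        throw 'Refusing to disable every enabled suite; this would break all TLS on the host.'
    }
    foreach ($name in $staticRsa) {
        Disable-TlsCipherSuite -Name $name
        "Disabled $name"
    }
}
```

Clients that can only negotiate `TLS_RSA_*` suites will no longer connect once these are removed, so check client compatibility before running with `-Apply`.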