community Alteryx IO MyAlteryx
alteryx Community
Search
This Board
  • Global Community
  • This Category
  • This Board
  • Knowledge
  • Users
 cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Close
Free Trial

Alteryx Server Discussions

Find answers, ask questions, and share expertise about Alteryx Server.

Alteryx Server Hardening

stuartpollicott
6 - Meteoroid
‎10-03-2018 02:00 AM

Hi all, just installed a one machine Alteryx Server on Windows Server.  So....   We then perform security scans with Qualys and the following vulnerability has come up, but I can find NO hardening guides from Alteryx, unlike Tableau whom have a good one....

 

What can I do to remove this vulnerability?

 

"CVE-2017-6168, CVE-2017-17382, CVE-2017-17427, CVE-2017-17428, CVE-2017-12373, CVE-2017-13098, CVE-2017-1000385, CVE-2017-13099, CVE-2016-6883, CVE-2012-5081

 

The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions.

 

An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack.

 

For updates refer to the robot advisory ROBOT (https://robotattack.org/)

 Patch:
Following are links for downloading patches to fix the vulnerabilities:
  ROBOT (https://robotattack.org/)"

 

 

 

 

 

Reply
0 Likes
3 REPLIES 3
TrevorS
Alteryx Alumni (Retired)
‎10-03-2018 02:34 PM

Hello stuartpollicott,

 

Thank you for providing us with this information. I have reached out to my Support team to look into this further, and someone should be in touch with you soon!
Please let me know if there is anything else I can do for you.

TrevorS

Community Moderator
Reply
0 Likes
rpalumbo
5 - Atom
‎11-08-2018 06:55 AM

Have there been any updates on this post?

 

Also what version of Alteryx Server are you using?

 

Thanks!

Reply
0 Likes
ChristianR
Alteryx Alumni (Retired)
‎11-08-2018 10:07 AM

I am happy to share the following feedback from my team regarding the above request:

 

If you just need to know how to restrict the insecure ciphers, you can follow the instructions at the top of this page. Those instructions use gpedit.msc to enable the cipher suite order and put in a new string for the negotiation order.

Available/preferred cipher suits protocols etc are managed by the Schannel configuration within Windows and not our software. We recommend to secure Schannel just as you would with any other windows server. We recommend using IISCrypto as it makes changing these settings really easy, but of course you should consult with your Windows Security Admin first.

Christian Rincon
Manager, Customer Support
Alteryx, Inc.
Reply
server new user guide
Labels
Top Solution Authors
View All