Matcha Daifuku's Diary (まっちゃだいふくの日記)

I link to articles about security and IT that catch my interest.

Announcement of the release of TippingPoint Security Management System 5.4.0 / Threat Protection System 5.4.0: Support Information: Trend Micro @ It looks like cumulative fixes and new features have been added.

Announcement of the release of TippingPoint Security Management System 5.4.0 / Threat Protection System 5.4.0: Support Information: Trend Micro

TippingPoint Security Management System 5.4.0 / TippingPoint Threat Protection System 5.4.0 has been released as described below.


■ Release date
Wednesday, September 16, 2020

For details on features and other changes, see the following Release Notes (in English).

Security Management System 5.4.0 Release Notes
Threat Protection System 5.4.0 Release Notes

■ Upgrade notes
• To upgrade TippingPoint SMS to v5.4.0, you must first upgrade the SMS to v5.3.0.
What is the upgrade path for my TippingPoint SMS device?

• To upgrade TippingPoint TPS to TOS 5.4.0, you must first upgrade the TOS version of the TPS to 5.3.1.
What is the upgrade path for my TippingPoint IPS/TPS device?

■ How to obtain
You can download the upgrade modules and documentation from the Trend Micro TippingPoint Threat Management Center (TMC).
* A TMC account is required to log in.

■ Installation procedure
For the installation procedure, refer to the installation guide and user guide, which can be downloaded from the Online Help Center.
* All documentation is in English.

Support Information: Trend Micro

Security Management System

Release contents

Description Reference
Added real-time threat protection for outbound client SSL traffic. New
The SMS now supports TLSv1.3 in FIPS mode for the following:
• SMS Client communication (ports 9003 and 10042)
• TMC connections
• Device connections
• LDAP connections
New
The vSMS now supports VMware vSphere 6.7 and 7.0. New
Performance enhancements prevent SMS clients from being locked out after HA events. TIP-44446
SMS Client does not show device system logs beyond 7 days. TIP-47162
Fixed an issue where the SMS was only adding its name to syslog records for certain types of events. It is now always adding its name properly. TIP-45991
Local scheduled backups no longer fail. TIP-54353, TIP-53109
When you use an encrypted TCP syslog, you no longer have to restart the SMS before certificate changes go into effect. TIP-52245
The vSMS VMware image is now signed with a cert that expires in three years instead of in one year. TIP-46428
Restrictions for validating host names from the SMS device editor required that the host names matched what was on the device LSM or CLI. This was corrected on the SMS so that fully qualified domain names could be entered into the host name field. TIP-44716
Syntax problems in the CSV file caused the maximum record size to be exceeded, which also caused the error message to not display correctly in the UI. TIP-47381
Repeated CPU halting caused by the kernel version that SMS v5.3 shipped with could cause the Vertica database to become corrupted. TIP-50630
When run from the SMS client, the WHOIS command sometimes yields no results. TIP-52081
An issue that caused URL normalization errors on some devices during URL reputation filtering no longer occurs. TIP-48354
Clicking on the Devices panel would sometimes fail to display the managed devices. Clicking on any other panel after this would freeze the interface. TIP-49499
Under rare conditions, the SMS Diagnostic files could inflate inordinately. TIP-52211
Some Reputation IP exceptions updates were not being applied to the exceptions list after the profile was distributed. This has been corrected. TIP-47958
If a user without access to all groups on the SMS performed an action that would restart the RADIUS login module on the SMS, the map of groups used in RADIUS group mapping would be re-created to contain only the groups that user had permission to view. This release ensures that if the RADIUS login module is restarted, the map will contain all groups on the SMS regardless of user permissions. TIP-53284
An issue that caused the syslog to display old events along with new ones, even though the deployment was configured to forward only new events, has been corrected. TIP-45360
An issue that caused the SMS to enable Auto-Negotiation on a TPS device after an upgrade has been corrected. TIP-47526

Known issues

Description Reference
Attempts to upgrade to v5.4.0 from a release earlier than v5.3.0 result in an error message. If the error message is blank, check the SMS system log for the entire error message. TIP-47930
Performing a backup and restore of the SMS database will not preserve Filter Performance Correlation data. TIP-42709
After you increase the vSMS disk size, you must turn on and then reboot the vSMS again before the extra disk space is achieved. If you originally deployed the vSMS using TOS v5.2.0 or earlier, the increased disk space cannot be fully achieved. TIP-54547, TIP-54548
After an upgrade to SMS v5.3.0 from a previous version, the number of Attacked Vulnerable Hosts on the SMS web management console does not reflect the pre-migration count. TIP-44771
The Edit Bulk action does not remove tag categories from user-provided Reputation entries. To remove tag categories from an entry, go to Profiles > Reputation Database > Search Entries, search for an entry, select entries in the search results, and click Edit. The search results display the first 10,000 entries. If you are modifying more than 10,000 entries, you must repeat this procedure. When searching for URL entries, the search results table will not automatically refresh. Click Search to refresh the table. TIP-37913
Certain naming configurations could trigger a condition that causes profile distributions to fail. To prevent failures, make sure that the names of your profiles, segments, virtual segments, and certificates are less than 55 characters. TIP-45073, TIP-38808
The System Health and Performance graphics display a different power supply status for 440T devices depending on which TOS the SMS is running. SMS v5.0.1 displays n/a, and SMS v5.1.0 displays 50%. TIP-36468
Exporting the hourly report to the SMB share does not work on systems upgraded to SMS 5.3.0.1. SEG-77932
The SMS web management console shows the incorrect time zone only when set to GMT +/-00:30 time zones. For the correct time, refer to the SMS Client console. TIP-33377
The SMS does not activate a Digital Vaccine package when it contains a significant number of malware tags for a filter. TIP-33378
When you attempt to distribute too many TLS/SSL certificates to a device, the resulting error message incorrectly specifies CA certificates as the problem. TIP-44753
When you remove a CA certificate used for authentication from the SMS Authentication CA certificate list—for example, when you delete the authentication configuration from the SMS—the CA certificate is also deleted from the device. If this same CA certificate was distributed to a device as part of the SSL server certificate chain, the device would have an SSL server with a missing CA certificate in its SSL certificate chain. TIP-44645

Threat Protection System

Release contents

Description Reference
With TOS v5.4.0, TPS devices provide in-line, real-time threat protection for both inbound server SSL traffic and outbound client SSL traffic. New
TOS v5.4.0 includes support for the TLSv1.3 protocol and six new cipher suites, including TLSv1.3-specific ciphers. Learn more from the SSL Inspection User Guide. New
The debug congestion visibility command has been added so you can view how uninspected traffic correlates to any systems or applications that might have been having issues during the congestion period. Note: Use debug commands only when you are instructed to do so by TippingPoint product support. New
A new ipsprefs option has been added to the display conf running command that enables device configuration information (except policy settings) to be displayed. New
In some circumstances, a system crash would prevent users from logging in and would prevent recovery mode. With this release, the console enters recovery mode within minutes of the crash, which enables a TSR, a system reboot, and service mode. TIP-50225
The HTTP Response Processing default setting Accelerated inspection of encoded HTTP responses can now be changed to Inspect encoded HTTP responses. TIP-49369
The remote syslog output now includes a ${deviceFQDN} field that provides both the fully concatenated device hostname label and the fully qualified domain name. This enables some users to distinguish their devices according to the storage rack in which they are connected. TIP-44717
The cs5 Field for Arcsight CEF Format v4.2 no longer disappears from the remote syslog output. TIP-45991
Rolling back to a parent profile after an upgrade no longer puts the device into a processing loop. TIP-46507
Serializing a device object caused all devices and device groups in the tree to be serialized also. This caused devices sent to the client to congest the queue. This issue has been resolved. TIP-44446
A memory leak no longer occurs when you enable the Filter Performance Correlation feature. SEG-78618
Some customers noticed constant TCAM errors after upgrading their devices. This issue has been resolved. TIP-47882
The debug snmp trap command has been added to enable you to test SNMP trap functionality for TPS devices. Note: Use debug commands only when you are instructed to do so by TippingPoint product support. TIP-46338
The chpasswd command no longer fails to recognize the user name. TIP-48275
SSL inspection over VxLAN is now supported. TIP-45678, TIP-45595

Known issues

Description Reference
When you insert a 40 Gbps bypass module (BIOM) into a TX-Series TPS device that has not been upgraded to at least TOS v5.2.0, the module health status LED indicates that the module has experienced a fault (solid amber). To recover from this state:
1. Upgrade the device to TOS v5.2.0 or later.
2. After the upgrade, perform a full reboot of the device.
3. Disable bypass on all BIOMs by selecting the normal option:
• SMS: From the Device menu, click the device and select Device Configuration -> HA (High Availability) -> Zero Power HA.
• LSM: Select System -> High Availability -> Zero-Power HA.
• CLI: high-availability zero-power (bypass|normal)(slot|all)
TIP-33655
Under rare conditions, the following error can occur during DNS Reputation filtering:
Error TOSPORT NP: DNS Decoder: Parse of generated NXDOMAIN PDU failed; disposition is npDispositionEthTypeUnknown
The error indicates merely that the NXDOMAIN response packet was not sent back to the DNS requester. You can safely ignore the error message. TIP-39422
In rare occurrences, the TPS does not decrypt sites and the connection will be blocked. If this occurs for sites that must be accessed, navigate to Profiles > Shared Settings > SSL > Client > Decryption Policies > Domains on your SMS and specify those sites in the do-not-decrypt list. TIP-45656, TIP-49103
Deploying a vTPS in Performance mode fails when using version 6.7 of the ESXi Hypervisor. Workaround: To successfully complete a deployment in Performance mode using ESXi 6.7, follow these steps:
1. Deploy the vTPS in Normal mode.
2. Shut down the vTPS virtual appliance. If the appliance is managed, you can also shut it down from the SMS client by right-clicking the device on the Devices page and selecting Edit > Device Configuration.
3. Configure the vTPS parameters to 6 vCPUs and 16 GB memory.
4. Reboot the vTPS virtual appliance. The SMS automatically recognizes the resource allocation and changes to Performance mode.
5. Examine the output of the show version command to confirm that the device is now running in Performance mode.
SEG-76770
For optimal performance of URL filtering and other memory intensive features running on a vTPS in Normal mode, configure 16 GB of RAM. TIP-33876
When you create a snapshot using the LSM, the browser sometimes times out even though the snapshot creation eventually succeeds. TIP-37112
The TPS presents an untrusted certificate warning for some websites because it cannot verify the certificate chain. Administrators of these websites might not be aware that their sites are not configured with a proper certificate chain, since most browsers have developed ways to automatically work around this issue. Consider the following options for accessing such a website:
• Use mechanisms specific to your browser to bypass the Untrusted certificate warning (for example, add an exception or proceed to the site anyway)
• Have your administrator manually download an intermediate certificate, upload it to your device, and add it to the Trust Store on your SMS.
• Consider providing feedback to the website to inform its administrators that their site employs a misconfigured certificate chain.
TIP-37062
System logs do not indicate when the state of a transceiver changes. TIP-39167
When you configure outbound client SSL inspection, the following settings could cause server traffic to the client proxy to drop:
• Client proxy’s decrypted service is set to ‘other,’ and
• IPS deployment type is set to 'Performance-optimize' or 'Security optimized'
To avoid this, disable filter 0559.
TIP-53731