Do not input private or sensitive data. View Qlik Privacy & Cookie Policy.
Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Suggest an Idea

Announcements
This page is no longer in use. To suggest an idea, please visit Browse and Suggest.

Accounts Using RC4 Depreciation - Server Hardening

Alan_Slaughter
Support
Support
‎2022-09-27 08:42 AM

Accounts Using RC4 Depreciation - Server Hardening

Hi Team,
We have internal security compliance, request you to please review the below and suggest for QilkView and QlikSense?
Potential action requested: Server Hardening – Project 14
WIN-21 Awareness: RC4 Depreciation & AES 128 & 256 Support
This notice is to advise of upcoming changes relating to the use of RC4 within Kerberos authentication and the potential steps that will need to be taken by application owners.
Please review the information below that includes a summary of this phase, list of key considerations, and next steps.

Background
Project 14 Server Hardening (Ransomware) has been implemented to proactively mitigate ransomware risk on the global server estate.
To strengthen Deloitte systems, ensure compliance to Global Cybersecurity Standards (Encryption Management SS.19), and protect against Ransomware attacks—specifically, an attack known commonly as “Kerberoasting”—changes to the Global managed Domain Controllers and Active Directory will be implemented to disable support for RC4 encryption in Kerberos Authentication.

Preparation and plan
While it is expected that standard Kerberos authentication attempts by Windows operating systems will continue unhindered, disabling the use of RC4 may impact applications and require some investigation and remediation. Research and testing show that Java, Python, and .NET applications may be impacted.
All member firms should investigate the current configurations of their applications, wherever Kerberos is used for authentication. We are requesting that these applications are modified so that they support AES 128 & 256 and “all future encryption methods.”

Reports based on Active Directory log data to identify where RC4 is being used will be made available to member firms and app teams for review on the Server Hardening Teams site.
A series of changes will be made to set preferences for encryption to be used, enable logging, and then deny the use of RC4.

Application changes
We expect there to be changes required to applications to support AES; some applications may face issues if they have a reliance on RC4 Kerberos for authentication.
Configuration management documentation of .Net, Python, and Java will detail encryption and Kerberos information; however, app teams should review all relevant documentation and information sources.

Next steps
Starting the week of 5 September, the project team will reach out to relevant application teams that continue to use RC4 to commence remediation activities and ensure that applications utilize AES 128 & 256 instead.

 

Status: Closed - Archived Submitted by Support on ‎2022-09-27 08:42 AM
560 Views
2 Comments
Meghann_MacDonald
Employee
Employee
‎2023-08-02 10:55 AM

From now on, please track this idea from the Ideation portal. 

Link to new idea

Meghann

NOTE: Upon clicking this link 2 tabs may open - please feel free to close the one with a login page. If you only see 1 tab with the login page, please try clicking this link first: Authenticate me! then try the link above again. Ensure pop-up blocker is off.

Ideation
Newbie
Newbie
‎2023-08-02 10:55 AM
 
Status changed to: Closed - Archived
Subscribe by Topic