My vulnerability scanning server is detecting weak ciphers and SSL v2 are
available on installations of W2k8/IIS7. I have been through many forums,
blogs and posts and they all seem to point to the traditional registry
settings update that we do on W2k and W2k3. They don't seem to work on
Windows 2008. I work in the Security unit and have requested the
administrators for the servers test the registry settings with reboot. After
multiple iterations and retesting, we've confirmed the settings don’t work.
Does anyone have updated registry settings or a process that I can follow to
disable these?
Below are my current settings (for W2k/W2k3)
Registry Settings:
----------------------------------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:0000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
----------------------------------------------------------------------------
Please assist. Thank you, Keith
|
Similar Threads
Linear Mode
