PDSWSS
asked on
How would I disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services?
A Security Scan found that one of our boxes that is running Windows Server 2003 SP2 has the following vulnerability-
SSL Server Allows Anonymous Authentication Vulnerability
Suggested solution: disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.
What is the best way to accomplish this in Windows Server 2003?
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
David Paris Vicente
I applied your suggested setting to the registry.
Is there a way to test whether "SSL Server Allows Anonymous Authentication Vulnerability" has been addressed without asking our University to run another security scan?
Thanks
SOLUTION
ASKER
Thanks.
Please clarify - In your first post you said Dword value should = enabled
In your second post you said Dword should = 0 and 0 = disabled.
Sorry for not being clear.
I wanted to say that in the Value Name for the DWORD properties it is indeed Enabled and in the Value Data you should choose the Hexadecimal Base and insert the value 0.
This value has its equivalent in Binary to 00000000.
In binary 0 equals Disabled and opposite is 1, meaning Enabled.
As you want to disable it you should set the Value Data to 0. But if in the future you want to enable it, you have to change Value Data to 1.
See Example Attached.
And in my second post I mentioned other Key Regs that you need to change in case your security scan detects any vulnerability with the protocols mentioned in your question: "PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0".
I hope it helps.
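A local check of the setting discussed above, as an added example that is not part of the original thread. It assumes PowerShell is installed on the server (it is not part of a default Windows Server 2003 install) and uses the Schannel `Protocols` registry path from Microsoft's documentation, which the visible posts do not spell out; the function name is hypothetical. It confirms the registry values only, not what a scanner observes on the wire.

```powershell
# Added example: audit the Schannel server-side switch for each protocol
# named in the scan finding (PCT 1.0, SSL 2.0, SSL 3.0, TLS 1.0).
# Assumption: the registry path below is the documented Schannel location;
# it does not appear in the thread itself.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'PCT 1.0', 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'

function Get-SchannelServerState {
    param([string]$Protocol)

    $key = Join-Path (Join-Path $base $Protocol) 'Server'
    $state = 'not set (OS default applies)'

    if (Test-Path $key) {
        $rk = Get-Item -Path $key
        $value = $rk.GetValue('Enabled', $null)

        if ($null -ne $value) {
            # The value must be named "Enabled" and be a REG_DWORD;
            # a string value holding "0" is a common mistake.
            $kind = $rk.GetValueKind('Enabled')
            if ($kind -ne 'DWord') {
                $state = "wrong type ($kind), expected REG_DWORD"
            }
            elseif ($value -eq 0) {
                $state = 'disabled'   # Value Data 0
            }
            else {
                $state = 'enabled'    # any non-zero Value Data
            }
        }
    }

    New-Object PSObject -Property @{ Protocol = $Protocol; Server = $state }
}

$protocols |
    ForEach-Object { Get-SchannelServerState $_ } |
    Format-Table Protocol, Server -AutoSize
```

Schannel reads these values at startup, so a changed value takes effect only after the server is restarted.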
ASKER
Thanks for clarifying. Will not be able to get to this until Monday AM. At that time will test and give you the points.
ASKER
Thanks for your help.