Solved

SBS 2008 Pci Compliance

Posted on 2011-02-22
6
917 Views
Last Modified: 2012-05-11
PCI compliance scan is failing because of this, I'm aware of adjustements that need to be made for 2003, but this is on a SBS 2008. Anybody have any ideas for a fix? RWW must be enable, users need it so that is not an option.


Description: Microsoft IIS Authentication Method Disclosed remote.mbros.com67.139.88.218Windows Server 2008Feb 22 14:46:38 2011newSeverity: Area of Concern CVE: CVE-2002-0419 5.02738new11Impact: An attacker could determine which authentication scheme is required for confidential web pages. This can be used for
brute force attacks against known User IDs. Background: Microsoft IIS web servers support Basic and NTLM authentication. Determination of which authentication is used by a server may help with further intelligent attacks against the server or brute force password attacks. Resolution Use Fix information in [http://seclists.org/bugtraq/2002/Mar/00 94.html] Considerations for IIS authentication. Vulnerability Details: Service: https Sent: GET  / HTTP/1.1 Host: remote.mbros.com Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAA AA= Received: 401 Unauthorized returned indicating NTLM Authentication [More]
[Hide]
0
Comment
Question by:Expetec-Roseville
  • 3
  • 2
6 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34961792
Susan Bradley "SBS DIVA" has posted a number of blog entries for PCI Compliance on SBS 2008 and 2003  found here http://msmvps.com/blogs/bradley/search.aspx?q=PCI+Compliance&o=Relevance

The key is usually disabling SSL 2.0

The reality is that the SBS server shouldn't be hosting websites for ecommerce or processing online credit card transactions
0
 
LVL 1

Author Comment

by:Expetec-Roseville
ID: 34961838
The server isn't processing any cards or payments but because we have a network and server we are required to pass PCI compliance.  Its a scam put in place by credit card company's but there's no choice, it must be done.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34961856
Yup..I hear this a lot...Hopefully the information in Susan's blogs will get you squared away
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 
LVL 1

Author Comment

by:Expetec-Roseville
ID: 34983470
The info really didn't help with this issue, does anyone else have any ideas?
0
 
LVL 1

Accepted Solution

by:
VAA-C earned 500 total points
ID: 35165933
I run sbs 2003. To fix the problem i performed the following.

Set the UseHostName property
To set the UseHostName property, follow these steps:

   1. Click Start, click Run, type cmd, and then click OK to open a command prompt.
   2. Change to the folder where the Adsutil.vbs tool is located. By default, this folder is the following:
      %SYSTEMROOT%\Inetpub\AdminScripts
   3. Type the following command, where x is your site identifier:
      cscript adsutil.vbs set w3svc/x/UseHostName true

Here is the microsoft kb link

http://support.microsoft.com/kb/834141

0
 
LVL 1

Author Closing Comment

by:Expetec-Roseville
ID: 35165958
The solution did not work for us but this is the correct solution to the problem.  We have fixed our problem on our end but it required a bit more in depth configuration.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article covers how to install the Microsoft Windows Operating System (OS). What is covered in this article:  > Different Versions and Editions of the Windows OS  > Upgrading versus Fresh Installation of the OS           - Steps to take pr…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question