Solved

SBS 2008 Pci Compliance

Posted on 2011-02-22
6
922 Views
Last Modified: 2012-05-11
PCI compliance scan is failing because of this, I'm aware of adjustements that need to be made for 2003, but this is on a SBS 2008. Anybody have any ideas for a fix? RWW must be enable, users need it so that is not an option.


Description: Microsoft IIS Authentication Method Disclosed remote.mbros.com67.139.88.218Windows Server 2008Feb 22 14:46:38 2011newSeverity: Area of Concern CVE: CVE-2002-0419 5.02738new11Impact: An attacker could determine which authentication scheme is required for confidential web pages. This can be used for
brute force attacks against known User IDs. Background: Microsoft IIS web servers support Basic and NTLM authentication. Determination of which authentication is used by a server may help with further intelligent attacks against the server or brute force password attacks. Resolution Use Fix information in [http://seclists.org/bugtraq/2002/Mar/00 94.html] Considerations for IIS authentication. Vulnerability Details: Service: https Sent: GET  / HTTP/1.1 Host: remote.mbros.com Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAA AA= Received: 401 Unauthorized returned indicating NTLM Authentication [More]
[Hide]
0
Comment
Question by:Expetec-Roseville
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34961792
Susan Bradley "SBS DIVA" has posted a number of blog entries for PCI Compliance on SBS 2008 and 2003  found here http://msmvps.com/blogs/bradley/search.aspx?q=PCI+Compliance&o=Relevance

The key is usually disabling SSL 2.0

The reality is that the SBS server shouldn't be hosting websites for ecommerce or processing online credit card transactions
0
 
LVL 1

Author Comment

by:Expetec-Roseville
ID: 34961838
The server isn't processing any cards or payments but because we have a network and server we are required to pass PCI compliance.  Its a scam put in place by credit card company's but there's no choice, it must be done.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34961856
Yup..I hear this a lot...Hopefully the information in Susan's blogs will get you squared away
0
Business Impact of IT Communications

What are the business impacts of how well businesses communicate during an IT incident? Targeting, speed, and transparency all matter. Find out more in this infographic.

 
LVL 1

Author Comment

by:Expetec-Roseville
ID: 34983470
The info really didn't help with this issue, does anyone else have any ideas?
0
 
LVL 1

Accepted Solution

by:
VAA-C earned 500 total points
ID: 35165933
I run sbs 2003. To fix the problem i performed the following.

Set the UseHostName property
To set the UseHostName property, follow these steps:

   1. Click Start, click Run, type cmd, and then click OK to open a command prompt.
   2. Change to the folder where the Adsutil.vbs tool is located. By default, this folder is the following:
      %SYSTEMROOT%\Inetpub\AdminScripts
   3. Type the following command, where x is your site identifier:
      cscript adsutil.vbs set w3svc/x/UseHostName true

Here is the microsoft kb link

http://support.microsoft.com/kb/834141

0
 
LVL 1

Author Closing Comment

by:Expetec-Roseville
ID: 35165958
The solution did not work for us but this is the correct solution to the problem.  We have fixed our problem on our end but it required a bit more in depth configuration.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
Online collaboration is quickly becoming embedded in the workplace, and its benefits are tangible. See what the current landscape looks like and what the future holds for collaboration tools and the future of work.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question