?
Solved

SBS 2008 Pci Compliance

Posted on 2011-02-22
6
Medium Priority
?
925 Views
Last Modified: 2012-05-11
PCI compliance scan is failing because of this, I'm aware of adjustements that need to be made for 2003, but this is on a SBS 2008. Anybody have any ideas for a fix? RWW must be enable, users need it so that is not an option.


Description: Microsoft IIS Authentication Method Disclosed remote.mbros.com67.139.88.218Windows Server 2008Feb 22 14:46:38 2011newSeverity: Area of Concern CVE: CVE-2002-0419 5.02738new11Impact: An attacker could determine which authentication scheme is required for confidential web pages. This can be used for
brute force attacks against known User IDs. Background: Microsoft IIS web servers support Basic and NTLM authentication. Determination of which authentication is used by a server may help with further intelligent attacks against the server or brute force password attacks. Resolution Use Fix information in [http://seclists.org/bugtraq/2002/Mar/00 94.html] Considerations for IIS authentication. Vulnerability Details: Service: https Sent: GET  / HTTP/1.1 Host: remote.mbros.com Authorization: Negotiate TlRMTVNTUAABAAAAB4IAoAAAAAAAAAAAAAAAAAAAA AA= Received: 401 Unauthorized returned indicating NTLM Authentication [More]
[Hide]
0
Comment
Question by:Expetec-Roseville
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34961792
Susan Bradley "SBS DIVA" has posted a number of blog entries for PCI Compliance on SBS 2008 and 2003  found here http://msmvps.com/blogs/bradley/search.aspx?q=PCI+Compliance&o=Relevance

The key is usually disabling SSL 2.0

The reality is that the SBS server shouldn't be hosting websites for ecommerce or processing online credit card transactions
0
 
LVL 1

Author Comment

by:Expetec-Roseville
ID: 34961838
The server isn't processing any cards or payments but because we have a network and server we are required to pass PCI compliance.  Its a scam put in place by credit card company's but there's no choice, it must be done.
0
 
LVL 35

Expert Comment

by:Cris Hanna
ID: 34961856
Yup..I hear this a lot...Hopefully the information in Susan's blogs will get you squared away
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Expetec-Roseville
ID: 34983470
The info really didn't help with this issue, does anyone else have any ideas?
0
 
LVL 1

Accepted Solution

by:
VAA-C earned 2000 total points
ID: 35165933
I run sbs 2003. To fix the problem i performed the following.

Set the UseHostName property
To set the UseHostName property, follow these steps:

   1. Click Start, click Run, type cmd, and then click OK to open a command prompt.
   2. Change to the folder where the Adsutil.vbs tool is located. By default, this folder is the following:
      %SYSTEMROOT%\Inetpub\AdminScripts
   3. Type the following command, where x is your site identifier:
      cscript adsutil.vbs set w3svc/x/UseHostName true

Here is the microsoft kb link

http://support.microsoft.com/kb/834141

0
 
LVL 1

Author Closing Comment

by:Expetec-Roseville
ID: 35165958
The solution did not work for us but this is the correct solution to the problem.  We have fixed our problem on our end but it required a bit more in depth configuration.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question