Solved

How would I disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services?

Posted on 2014-07-29
Last Modified: 2014-08-04
A Security Scan found that one of our boxes that is running Windows Server 2003 SP2 has the following vulnerability:

SSL Server Allows Anonymous Authentication Vulnerability

Suggested solution: disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services.

What is the best way to accomplish this in Windows Server 2003?

Thanks
Question by:PDSWSS

Accepted Solution

by:
David Paris Vicente earned 500 total points
ID: 40228215
Before any alteration to registry keys you should have a backup.

I think this will do the trick.
Go to regedit.
Locate the following key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server

Then, on the Edit menu, click Add Value.
In the Data Type list, click DWORD.
In the Value Name box, type Enabled, and then click OK.

Note: If this value is present, double-click the value to edit its current value, and type 00000000 in Binary Editor to set the value of the new key equal to "0".

Click OK. Restart the computer.

Hope this helps.

Author Comment

by:PDSWSS
ID: 40228326
Thanks. Will test tomorrow AM and let you know.

Author Comment

by:PDSWSS
ID: 40229312
David Paris Vicente

I applied your suggested setting to the registry.
Is there a way to test whether "SSL Server Allows Anonymous Authentication Vulnerability" has been addressed without asking our University to run another security scan?

Thanks

Assisted Solution

by:David Paris Vicente
David Paris Vicente earned 500 total points
ID: 40229641
Hi PDSWSS,

Thank you for your feedback. I forgot to mention that in case a second test continues to report vulnerabilities for PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0, you need to create the other keys for each one.

Like you did before, but for these ones too:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server

And the DWORD Value = 0

The value DWORD = 0 means disabled; the value 1 means enabled.

I think this tool can do some of the tests you need.

Let us know if this helped.

Regards

Author Comment

by:PDSWSS
ID: 40229678
Thanks.
Please clarify - In your first post you said Dword value should = enabled

In your second post you said Dword should = 0 and 0 = disabled.

Expert Comment

by:David Paris Vicente
ID: 40230004
Sorry for not being clear.

I wanted to say that in the Value Name for the DWORD properties it is indeed Enabled, and in the Value Data you should choose the Hexadecimal base and insert the value 0.
This value has its equivalent in binary: 00000000.

In binary, 0 equals Disabled and the opposite is 1, meaning Enabled.

As you want to disable it, you should set the Value Data to 0. But if in the future you want to enable it, you have to change Value Data to 1.
See example attached.

And in my second post I mentioned other Key Regs that you need to change in case your security scan detects any vulnerability with the protocols mentioned in your question: "PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0".



I hope it helps.
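The registry changes described across the three replies above, collected into one PowerShell script as an added example (it is not code from the thread). It assumes PowerShell is installed on the server and is run from an elevated prompt; the function names and the backup file location are made up for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$schannel  = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$protocols = 'PCT 1.0', 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'

function Get-ServerKeyPath([string]$Protocol) {
    # e.g. HKLM:\SYSTEM\...\SCHANNEL\Protocols\SSL 2.0\Server
    "HKLM:\$schannel\Protocols\$Protocol\Server"
}

function Get-SchannelServerState([string]$Protocol) {
    $key = Get-ServerKeyPath $Protocol
    if (-not (Test-Path -Path $key)) { return 'key missing (OS default applies)' }
    $prop = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'Enabled value missing (OS default applies)' }
    # Enabled may have been created as a DWORD (one integer) or through the
    # Binary Editor (a byte array); this check reports all-zero data as disabled.
    $nonZero = @(@($prop.Enabled) | Where-Object { $_ -ne 0 })
    if ($nonZero.Count -eq 0) { return 'disabled' }
    return 'enabled'
}

function Disable-SchannelServerProtocol([string]$Protocol) {
    $key = Get-ServerKeyPath $Protocol
    # Create the key only if it is absent, so existing values are left alone.
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    # -Force replaces an existing Enabled value, whatever its type, with DWORD 0.
    New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
}

# 1. Back up the SCHANNEL branch before changing anything.
$backup = Join-Path $env:TEMP ("schannel-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
reg.exe export "HKLM\$schannel" $backup | Out-Null

# 2. Record the state before, apply the change, and read the state back.
foreach ($p in $protocols) {
    $before = Get-SchannelServerState $p
    Disable-SchannelServerProtocol $p
    "{0,-8} before: {1,-45} after: {2}" -f $p, $before, (Get-SchannelServerState $p)
}
"Backup written to $backup. Restart the computer for the change to take effect."
```

The read-back confirms only what is stored in the registry; it does not show which protocols the server negotiates on the wire, so a rescan or a handshake test against the server is still needed to answer the question asked in the thread.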
 

Author Comment

by:PDSWSS
ID: 40231598
Thanks for clarifying. Will not be able to get to this until Monday AM. At that time will test and give you the points.

Author Comment

by:PDSWSS
ID: 40239442
Thanks for your help.