[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Question on security Audit

Posted on 2016-12-01
2
Medium Priority
?
148 Views
Last Modified: 2016-12-21
One of my clients send me the scurity audit requirements and One of the Point is stating

On active Directory Servers : Update OpenSSL 1.0.1s (How do you do that ? Does all the Active Directory servers have this feature enabled?

2) Deactivate SSL2 and SSL3 and Activate TLS 1.1 and 1.2 On RDP  How do you do that?

Rgds
0
Comment
Question by:gazambey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 41908888
For openssl update, you can get the update in https://wiki.openssl.org/index.php/Binaries (see "OpenSSL for Windows")
[   ] openssl-1.0.1s-i386-win32.zip        2016-12-01 05:04  960K  
[   ] openssl-1.0.1s-x64_86-win64.zip      2016-12-01 05:04  1.0M  
      https://indy.fulgan.com/SSL/
Win32 OpenSSL v1.1.0c
https://slproweb.com/products/Win32OpenSSL.html

For cipher update, use iiscrypto which is a GUI for disabling the SChannel registry value for SSLv2 nor SSLv3 and enable the TLS1.0 above .
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
https://support.microsoft.com/en-us/kb/245030
(e.g Apply FIPS 140-2 settings -> Disables SSLv3 and older... make sure not to disable TLS 1.0 or might lose RDP with default settings.)
tools - https://www.nartac.com/Products/IISCrypto
0
 

Author Closing Comment

by:gazambey
ID: 41909799
Good Explanations
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question