Question on security Audit

One of my clients send me the scurity audit requirements and One of the Point is stating

On active Directory Servers : Update OpenSSL 1.0.1s (How do you do that ? Does all the Active Directory servers have this feature enabled?

2) Deactivate SSL2 and SSL3 and Activate TLS 1.1 and 1.2 On RDP  How do you do that?

Rgds
gazambeyIT CONSULTANTAsked:
Who is Participating?
 
btanConnect With a Mentor Exec ConsultantCommented:
For openssl update, you can get the update in https://wiki.openssl.org/index.php/Binaries (see "OpenSSL for Windows")
[   ] openssl-1.0.1s-i386-win32.zip        2016-12-01 05:04  960K  
[   ] openssl-1.0.1s-x64_86-win64.zip      2016-12-01 05:04  1.0M  
      https://indy.fulgan.com/SSL/
Win32 OpenSSL v1.1.0c
https://slproweb.com/products/Win32OpenSSL.html

For cipher update, use iiscrypto which is a GUI for disabling the SChannel registry value for SSLv2 nor SSLv3 and enable the TLS1.0 above .
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
https://support.microsoft.com/en-us/kb/245030
(e.g Apply FIPS 140-2 settings -> Disables SSLv3 and older... make sure not to disable TLS 1.0 or might lose RDP with default settings.)
tools - https://www.nartac.com/Products/IISCrypto
0
 
gazambeyIT CONSULTANTAuthor Commented:
Good Explanations
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.