Solved

Question on security Audit

Posted on 2016-12-01
2
104 Views
Last Modified: 2016-12-21
One of my clients send me the scurity audit requirements and One of the Point is stating

On active Directory Servers : Update OpenSSL 1.0.1s (How do you do that ? Does all the Active Directory servers have this feature enabled?

2) Deactivate SSL2 and SSL3 and Activate TLS 1.1 and 1.2 On RDP  How do you do that?

Rgds
0
Comment
Question by:gazambey
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41908888
For openssl update, you can get the update in https://wiki.openssl.org/index.php/Binaries (see "OpenSSL for Windows")
[   ] openssl-1.0.1s-i386-win32.zip        2016-12-01 05:04  960K  
[   ] openssl-1.0.1s-x64_86-win64.zip      2016-12-01 05:04  1.0M  
      https://indy.fulgan.com/SSL/
Win32 OpenSSL v1.1.0c
https://slproweb.com/products/Win32OpenSSL.html

For cipher update, use iiscrypto which is a GUI for disabling the SChannel registry value for SSLv2 nor SSLv3 and enable the TLS1.0 above .
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
https://support.microsoft.com/en-us/kb/245030
(e.g Apply FIPS 140-2 settings -> Disables SSLv3 and older... make sure not to disable TLS 1.0 or might lose RDP with default settings.)
tools - https://www.nartac.com/Products/IISCrypto
0
 

Author Closing Comment

by:gazambey
ID: 41909799
Good Explanations
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question