Solved

Question on security Audit

Posted on 2016-12-01
2
93 Views
Last Modified: 2016-12-21
One of my clients send me the scurity audit requirements and One of the Point is stating

On active Directory Servers : Update OpenSSL 1.0.1s (How do you do that ? Does all the Active Directory servers have this feature enabled?

2) Deactivate SSL2 and SSL3 and Activate TLS 1.1 and 1.2 On RDP  How do you do that?

Rgds
0
Comment
Question by:gazambey
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 41908888
For openssl update, you can get the update in https://wiki.openssl.org/index.php/Binaries (see "OpenSSL for Windows")
[   ] openssl-1.0.1s-i386-win32.zip        2016-12-01 05:04  960K  
[   ] openssl-1.0.1s-x64_86-win64.zip      2016-12-01 05:04  1.0M  
      https://indy.fulgan.com/SSL/
Win32 OpenSSL v1.1.0c
https://slproweb.com/products/Win32OpenSSL.html

For cipher update, use iiscrypto which is a GUI for disabling the SChannel registry value for SSLv2 nor SSLv3 and enable the TLS1.0 above .
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000
https://support.microsoft.com/en-us/kb/245030
(e.g Apply FIPS 140-2 settings -> Disables SSLv3 and older... make sure not to disable TLS 1.0 or might lose RDP with default settings.)
tools - https://www.nartac.com/Products/IISCrypto
0
 

Author Closing Comment

by:gazambey
ID: 41909799
Good Explanations
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Every computer eventually fails. When that happens, your valuable data is only as safe as your current backup.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now