Lev Kaytsner
asked on
Sweet32 Vulnerability in Microsoft IIS7.5
I am running two Windows Server 2008 R2 servers in my PCI environment and my PCI scan fails due to the "Sweet32" CVE-2016-2183 vulnerability.
I have found a doc online describing a fix by disabling 3DES ciphers, but I don't see them running on my servers.
Below is the help doc:
How to protect your IIS webserver from SWEET32 bug
To disable weak ciphers in Windows IIS web server, you need to edit the Registry corresponding to it. Here is how to do that:
Click Start, click Run, type ‘regedit’ in the Open box, and then click OK.
Locate the following security registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
Go to the ‘SCHANNEL\Ciphers subkey’, which is used to control the ciphers such as DES and RC4.
Edit the subkey ‘SCHANNEL\Ciphers\Triple DES 168’ and set the DWORD value data to 0x0.
Now you have successfully disabled the 3DES cipher from your IIS web server.
The issue is, I don't have 3DES ciphers running on my servers.
Any advice appreciated.
Thanks,
Lev
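The check and the registry edit from the help doc above, written as a PowerShell script. This is an added example, not part of the original post or the help doc. It assumes the DWORD the doc refers to is Schannel's `Enabled` value; `$backup` and `$apply` are names chosen here. It reports `NotConfigured` when the subkey is absent, in which case Schannel uses the operating system default for that cipher rather than treating it as off.

```powershell
# Added example (not from the help doc). Run from an elevated PowerShell prompt.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$cipher   = 'Triple DES 168'                 # subkey name given in the help doc
$key      = Join-Path (Join-Path $schannel 'Ciphers') $cipher
$backup   = Join-Path $env:TEMP 'schannel-before-3des.reg'   # assumed backup location
$apply    = $false                           # set to $true to write the change

function Get-CipherState([string]$Path) {
    # A missing subkey or a missing 'Enabled' value means "not configured":
    # Schannel then uses the operating system default for that cipher.
    if (-not (Test-Path -Path $Path)) { return 'NotConfigured' }
    $prop = Get-ItemProperty -Path $Path -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotConfigured' }
    if ($prop.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Cipher([string]$Path) {
    # Create the subkey if it is absent, then set Enabled = 0 (DWORD).
    if (-not (Test-Path -Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name 'Enabled' -PropertyType DWord -Value 0 -Force | Out-Null
}

$state = Get-CipherState $key
Write-Output "$cipher : $state"

if ($apply -and $state -ne 'Disabled') {
    # Export the whole SCHANNEL key first so the change can be rolled back
    # with 'reg import' if an application stops working.
    & reg.exe export ($schannel -replace '^HKLM:', 'HKLM') $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $backup failed; no change made." }
    Disable-Cipher $key
    Write-Output "$cipher : $(Get-CipherState $key) (backup: $backup; restart required)"
}
```

Schannel reads these values at startup, so the server has to be restarted before a rescan reflects the change.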
ASKER
So, I was able to remove weak ciphers in my test environment. Managed to break application. So, trying to figure it out with our vendor and go from there. Thanks everyone for great suggestions.
Lev
Lev
ASKER
I will plan on disabling it and see if it fixes my issues.
Thank you.