IIS Server Security - Nessus Scan & weak ciphers

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > February 2004 > Nessus Scan & weak ciphers





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Nessus Scan & weak ciphers
dschelberg@volt.com

2004-02-27, 10:34 am

Has anyone adjusted their SSLv2 ciphers for IIS 5.0. The
link below is a how to but it is very unclear about which
ciphers and what steps should be followed. The issue
became apparent after a Nessus scan


http://support.microsoft.com/default.aspx?scid=kb;en-
us;245030&Product=win2000

Warning found on port https (443/tcp)
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863

This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.




Regards,
Danny Schelberg
CCNA, MCSE, MCP + I
Network Engineer
Procurestaff
Volt Information Sciences, Inc

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com