IIS Server Security - Nessus & Cipher strenghts

This is Interesting: Free IT Magazines  
Home > Archive > IIS Server Security > February 2004 > Nessus & Cipher strenghts





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Nessus & Cipher strenghts
dschelberg@volt.com

2004-02-27, 3:34 pm

Has anyone adjusted their SSLv2 ciphers for IIS 5.0. The
link below is a how to but it is very unclear about which
ciphers and what steps should be followed. The issue
became apparent after a Nessus scan. I posted this
question a while ago but It still remains undone.

http://support.microsoft.com/default.aspx?scid=kb;en-
us;245030&Product=win2000



This article below is clear on the how just not what
ciphers are considered weak and therefore should be
disabled

http://support.microsoft.com/default.aspx?scid=kb;en-
us;216482





(from Nessus Scan)

Warning found on port https (443/tcp)

The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863



This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.









Regards,

Danny Schelberg

CCNA, MCSE, MCP + I

Network Engineer

Procurestaff

Volt Information Sciences, Inc

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com