Nessus Scan & weak ciphers
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > Web Servers reviews > IIS server support > IIS Server Security > Nessus Scan & weak ciphers




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    Nessus Scan & weak ciphers  
dschelberg@volt.com


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
02-27-04 04:35 PM

(Response to my own original post)

This article is clear on the how just not what ciphers
are considered weak and therefore should be disabled

http://support.microsoft.com/default.aspx?scid=kb;en-
us;216482





(from Nessus Scan)

Warning found on port https (443/tcp)

The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863



This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.









Regards,

Danny Schelberg

CCNA, MCSE, MCP + I

Network Engineer

Procurestaff

Volt Information Sciences, Inc

>-----Original Message-----
>Has anyone adjusted their SSLv2 ciphers for IIS 5.0. The
>link below is a how to but it is very unclear about
which
>ciphers and what steps should be followed. The issue
>became apparent after a Nessus scan
>
>
>http://support.microsoft.com/default.aspx?scid=kb;en-
>us;245030&Product=win2000
>
>Warning found on port https (443/tcp)
>The SSLv2 server offers 4 strong ciphers, but also
>0 medium strength and 2 weak "export class" ciphers.
>The weak/medium ciphers may be chosen by an export-grade
>or badly configured client software. They only offer a
>limited protection against a brute force attack
>
>Solution: disable those ciphers and upgrade your client
>software if necessary
>Nessus ID : 10863
>
>This plugin connects to a SSL server, and
>checks its certificate and the available (shared) SSLv2
>ciphers.
>Weak (export version) ciphers are reported.
>
>
>
>
>Regards,
>Danny Schelberg
>CCNA, MCSE, MCP + I
>Network Engineer
>Procurestaff
>Volt Information Sciences, Inc
>
>.
>




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 06:55 PM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register