PCI Compliance Scans

  • Question

  • Hello,


    I am in the process of running a PCI Compliance scan but I am constantly failing.  It looks as though I am receiving the same "Threat" error in every category.  My company currently has a firewall and an Intranet residing on a Windows Server 2003 box using SharePoint and IIS6 (I'm not sure if it's the firewall policies that are causing us to fail or if there is something that I should install on the server, etc.).  The errors are listed below. 

    THREAT:

    The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

    IMPACT:

    An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.

    SOLUTION:

    Disable SSLv2.

    Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:

    SSLProtocol -ALL +SSLv3 +TLSv1

    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

    For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:

    SSLNoV2

    How to disable SSLv2 on IIS: Microsoft Knowledge Base Article 187498

    How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article 245030


    ***I have no idea what they are referring to.  Is it my Intranet, my firewall, FTP?  Please help. 


    Thanks so much!!

    Friday, July 22, 2011 5:13 PM
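
    For the IIS side of the scanner's SOLUTION text (KB 187498 / KB 245030), here is an added example that is not from the thread or from Microsoft's articles: a PowerShell audit of the Schannel protocol registry keys that, when asked, also writes the value that turns SSLv2 off. It assumes an elevated PowerShell session on the Windows host that runs IIS; the function and parameter names are my own.

```powershell
# Added example (not from the thread or the KB articles): audit and, on request,
# disable SSLv2 in Schannel, which is what the scanner's IIS guidance amounts to.
# Assumes an elevated PowerShell session on the Windows host running IIS.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # Reports the Enabled value for the Server and Client side of one protocol.
    param([string]$Protocol = 'SSL 2.0')
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $SchannelBase "$Protocol\$side"
        $enabled = $null
        if (Test-Path $key) {
            $enabled = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        # A missing key or value means the protocol follows the OS default; on
        # Windows Server 2003 that default leaves SSLv2 available, so the scan fails.
        if ($null -eq $enabled) { $state = 'default (not set)' } else { $state = $enabled }
        [pscustomobject]@{
            Protocol = $Protocol
            Side     = $side
            Enabled  = $state
            Disabled = ($enabled -eq 0)
        }
    }
}

function Disable-SchannelProtocol {
    # Dry run by default; -Apply writes Enabled = 0 (REG_DWORD) under both sides.
    param([string]$Protocol = 'SSL 2.0', [switch]$Apply)
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $SchannelBase "$Protocol\$side"
        if (-not $Apply) { Write-Host "Would set $key\Enabled = 0"; continue }
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Enabled = 0 is the documented switch in KB 245030 for turning a protocol
        # off; Schannel reads it at boot, so the host needs a reboot afterwards.
        New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
Disable-SchannelProtocol            # dry run; add -Apply to write the keys
```

    Re-run the scan after the reboot; anything else that terminates SSL on the scanned addresses (the firewall's own management or VPN listener, an FTPS service) has its own SSLv2 switch and will keep producing the same finding until it is disabled there too.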

Answers

  • Check your repost under the MOF forums.  This should be posted to the Windows Security forums.


    -- :P Advice offered. If you need more help it is advised to seek the counsel and advice of paid professionals. The answer is always 42, or reboot.
    • Marked as answer by Kevin Remde Monday, November 14, 2011 11:38 AM
    Friday, July 22, 2011 5:56 PM