PCI Compliance Scans

  • Question

  • Hello,


    I am in the process of running a PCI Compliance scan but I am constantly failing.  It looks as though I am receiving the same "Threat" error in every category.  My company currently has a firewall, an intranet residing on a Windows Server 2003 box using SharePoint and IIS6 (I'm not sure if it's the firewall policies that's causing us to fail or if there is something that I should install on the server, etc.).  The errors are listed below.


    The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.


    An attacker can exploit this vulnerability to read secure communications or maliciously modify messages


    Disable SSLv2.

    Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:

    SSLProtocol -ALL +SSLv3 +TLSv1


    For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:


    How to disable SSLv2 on IIS : Microsoft

    Knowledge Base Article - 187498

    How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll :

    Microsoft Knowledge Base Article - 245030


    ***I have no idea what they are referring to.  Is it my intranet, my firewall, FTP?  Please help.


    Thanks so much!!

    Friday, July 22, 2011 5:13 PM
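To find which listener the SSLv2 finding quoted in the question refers to, the check below sends an SSLv2 CLIENT-HELLO to a host and port and reports whether an SSLv2 SERVER-HELLO comes back. It is an added example, not part of the original post or the scanner's output; the host name, port and sample replies are constructed placeholders.

```python
import socket
import struct

# The seven SSLv2 cipher kinds (3 bytes each) offered in the CLIENT-HELLO.
CIPHERS = bytes.fromhex("010080" "020080" "030080" "040080"
                        "050080" "060040" "0700c0")

def build_client_hello(challenge=b"\x00" * 16):
    """SSLv2 CLIENT-HELLO: message type 1, version 0x0002, no session id."""
    body = struct.pack(">BHHHH", 1, 0x0002, len(CIPHERS), 0, len(challenge))
    body += CIPHERS + challenge
    # 2-byte record header: high bit set, low 15 bits carry the body length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def parse_server_hello(data):
    """Return the number of cipher kinds the server accepted, or None
    when the reply is not an SSLv2 SERVER-HELLO (e.g. a TLS alert)."""
    if len(data) < 13 or not data[0] & 0x80:
        return None
    (msg_type, _hit, _cert_type, version,
     _cert_len, cipher_len, _conn_len) = struct.unpack(">BBBHHHH", data[2:13])
    if msg_type != 4 or version != 0x0002:
        return None
    return cipher_len // 3

def probe(host, port, timeout=5.0):
    """Send the hello to host:port; None means SSLv2 was not negotiated
    (refused, answered with TLS, or the port was unreachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            return parse_server_hello(s.recv(4096))
    except OSError:
        return None

# Constructed replies for illustration (not captured from any real host).
SAMPLE_SSLV2_REPLY = struct.pack(">HBBBHHHH", 0x8000 | 33, 4, 0, 1,
                                 0x0002, 0, 6, 16) + bytes(6) + bytes(16)
SAMPLE_TLS_ALERT = bytes.fromhex("15030100020228")

if __name__ == "__main__":
    # Hypothetical target: use the hosts and ports named in the scan report.
    for host, port in [("intranet.example.internal", 443)]:
        count = probe(host, port)
        state = "SSLv2 accepted" if count is not None else "SSLv2 not negotiated"
        print(host, port, state)
```

Run it against each TLS-wrapped port that appears in the report, then again after changing the server's protocol settings and restarting, to confirm the finding is gone.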


  • Check your repost under the MOF forums.  This should be posted to the Windows Security forums.

    -- :P Advice offered, If you need more help it is advised to seek the counsel and advice of paid professionals. The answer is always 42, or reboot.
    • Marked as answer by Kevin Remde Monday, November 14, 2011 11:38 AM
    Friday, July 22, 2011 5:56 PM