-
IIS Security Scan: The remote service supports the use of weak SSL ciphers
Synopsis: The remote service supports the use of weak SSL ciphers.

Description: The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.

See also: http://www.openssl.org/docs/apps/ciphers.html

Solution: Reconfigure the affected application if possible to avoid use of weak ciphers.

Risk Factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Plugin output: Here is the list of weak SSL ciphers supported by the remote server:

Low Strength Ciphers (< 56-bit key)
SSLv3
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

The fields above are: {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
Our ISA 2006 server failed the SecurityMetrics PCI scan yesterday with this reason. We fixed the security issue by doing the following:
- Open Registry Editor.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers (I recommend that you create a backup of this section of the registry before continuing).
- Select a cipher that has a number less than 128/128 (examples: DES 56/56, RC2 40/128, RC4 40/128, RC4 56/128) and add a DWORD value with the name “Enabled” and Value Data: 0.
- Repeat Step 3 for all ciphers less than 128/128.
After doing the above, we ran the SecurityMetrics scan again and it didn’t find any vulnerabilities this time.
You might also want to disable SSL 2.0 support while you’re here, as this is another security issue (we had to do this last year to pass). To do so, simply add the same DWORD value (“Enabled” = 0) under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server.
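The same registry change as a script, added here as an example (it is not from the original post or the linked site). It uses the .NET registry classes rather than New-Item because the PowerShell registry provider treats the “/” in subkey names such as “RC4 40/128” as a path separator; the cipher names and the SSL 2.0 key are the ones listed above, and the Get-SchannelEnabled function is an assumed helper for checking the result.

```powershell
# Added example: set Enabled=0 under the weak SCHANNEL cipher keys named above
# and under Protocols\SSL 2.0\Server. Run from an elevated PowerShell session.
# SCHANNEL reads these keys at startup, so reboot before re-running the scan.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Cipher subkeys from the post (everything weaker than 128/128).
$weakCiphers = @('DES 56/56', 'RC2 40/128', 'RC4 40/128', 'RC4 56/128')

function Set-SchannelEnabled {
    param(
        [Parameter(Mandatory=$true)] [string] $SubKey,   # path below SCHANNEL, e.g. 'Ciphers\RC4 40/128'
        [Parameter(Mandatory=$true)] [int]    $Enabled   # 0 disables the cipher or protocol
    )
    # CreateSubKey opens the key writable if it exists and creates it otherwise;
    # only "\" is a separator here, so "RC4 40/128" stays one key name.
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey("$schannel\$SubKey")
    try {
        $key.SetValue('Enabled', $Enabled, [Microsoft.Win32.RegistryValueKind]::DWord)
    } finally {
        $key.Close()
    }
}

# Assumed helper: read back the Enabled value so the change can be verified.
function Get-SchannelEnabled {
    param([Parameter(Mandatory=$true)] [string] $SubKey)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\$SubKey")
    if ($null -eq $key) { return 'key missing (SCHANNEL default applies)' }
    try {
        $v = $key.GetValue('Enabled', $null)
        if ($null -eq $v) { return 'value missing (SCHANNEL default applies)' }
        return $v
    } finally { $key.Close() }
}

# Apply the change.
$targets = @()
foreach ($c in $weakCiphers) { $targets += "Ciphers\$c" }
$targets += 'Protocols\SSL 2.0\Server'
foreach ($t in $targets) { Set-SchannelEnabled -SubKey $t -Enabled 0 }

# Verify what is now in the registry before rebooting and rescanning.
foreach ($t in $targets) {
    '{0,-28} Enabled = {1}' -f $t, (Get-SchannelEnabled -SubKey $t)
}
```

Export the SCHANNEL key with reg.exe (or the Registry Editor’s File > Export) before running it, as the post recommends.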
Credit goes to this website for this solution: http://www.curtis-lamasters.com/2008/06/21/windows-iis-ssl-restrict-weak-ciphers/
-
More on Downadup/Conficker worm…
Posted on January 25th, 2009 No comments
“It has the potential to infect about 30% of Windows systems online, a potential 300 to 350 million PCs,” says Don Jackson, director of threat intelligence in the counter threat unit at SecureWorks. The worm, first identified in November and suspected to have originated in the Ukraine, is quickly ramping up, and while Downadup today is not malicious in the sense of destroying files — its main trick is to block users from accessing antivirus sites to obtain updates to protect against it — the worm is capable of downloading second-stage code for darker purposes. Many experts anticipate that could occur soon.
Read the full article.
-
Dell Coupon Codes
Posted on January 17th, 2009 No comments
I’ve been getting these Dell coupon codes in the mail. Hope you find them useful.
15% off select electronics, software, and accessories
- 3M1M4WG4ZX4?LZ
- XWX9BR9PVNXV4H
25% off select systems
- RCRKBSFPVFSTMH
- 8G?B$MNP4VGF9H
25% off select servers, storage, and switches
- R5WDXDHWBQKL46
- XCHSJ54MT89FDM
Offers valid 11/7/2008 – 1/30/2009 – Enjoy!