Nessus Scan & weak ciphers
dschelberg_at_volt.com
Date: 02/27/04
- Next message: glen: "spyware"
- Previous message: Fast Eddie: "Schannel error on W2K server -- HELP --"
- Next in thread: dschelberg_at_volt.com: "Nessus Scan & weak ciphers"
- Reply: dschelberg_at_volt.com: "Nessus Scan & weak ciphers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Feb 2004 07:11:09 -0800
Has anyone adjusted their SSLv2 ciphers for IIS 5.0. The
link below is a how to but it is very unclear about which
ciphers and what steps should be followed. The issue
became apparent after a Nessus scan
http://support.microsoft.com/default.aspx?scid=kb;en-
us;245030&Product=win2000
Warning found on port https (443/tcp)
The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack
Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863
This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.
Regards,
Danny Schelberg
CCNA, MCSE, MCP + I
Network Engineer
Procurestaff
Volt Information Sciences, Inc
- Next message: glen: "spyware"
- Previous message: Fast Eddie: "Schannel error on W2K server -- HELP --"
- Next in thread: dschelberg_at_volt.com: "Nessus Scan & weak ciphers"
- Reply: dschelberg_at_volt.com: "Nessus Scan & weak ciphers"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
