Nessus Scan & weak ciphers

dschelberg_at_volt.com
Date: 02/27/04


Date: Fri, 27 Feb 2004 07:37:45 -0800


 (Response to my own original post)

This article is clear on the how, just not what ciphers
are considered weak and therefore should be disabled.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216482

(from Nessus Scan)

Warning found on port https (443/tcp)

The SSLv2 server offers 4 strong ciphers, but also
0 medium strength and 2 weak "export class" ciphers.
The weak/medium ciphers may be chosen by an export-grade
or badly configured client software. They only offer a
limited protection against a brute force attack

Solution: disable those ciphers and upgrade your client
software if necessary
Nessus ID : 10863

 

This plugin connects to a SSL server, and
checks its certificate and the available (shared) SSLv2
ciphers.
Weak (export version) ciphers are reported.

Regards,

Danny Schelberg

CCNA, MCSE, MCP + I

Network Engineer

Procurestaff

Volt Information Sciences, Inc

>-----Original Message-----
>Has anyone adjusted their SSLv2 ciphers for IIS 5.0? The
>link below is a how-to, but it is very unclear about which
>ciphers and what steps should be followed. The issue
>became apparent after a Nessus scan.
>
>
>http://support.microsoft.com/default.aspx?scid=kb;en-us;245030&Product=win2000
>
>Warning found on port https (443/tcp)
>The SSLv2 server offers 4 strong ciphers, but also
>0 medium strength and 2 weak "export class" ciphers.
>The weak/medium ciphers may be chosen by an export-grade
>or badly configured client software. They only offer a
>limited protection against a brute force attack
>
>Solution: disable those ciphers and upgrade your client
>software if necessary
>Nessus ID : 10863
>
>This plugin connects to a SSL server, and
>checks its certificate and the available (shared) SSLv2
>ciphers.
>Weak (export version) ciphers are reported.
>
>
>
>
>Regards,
>Danny Schelberg
>CCNA, MCSE, MCP + I
>Network Engineer
>Procurestaff
>Volt Information Sciences, Inc
>
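
The check described in the scan output above, listing the SSLv2 ciphers a server offers and flagging the export-grade ones, can be reproduced offline from a server's SERVER-HELLO message. This is an added example, not part of the original post or of the Nessus plugin; the cipher codes are those of the SSL 2.0 specification, while the strength thresholds, the function names and the sample record are assumptions constructed for illustration.

```python
import struct

# SSLv2 CIPHER-KIND codes (SSL 2.0 specification): name, effective secret key bits.
SSL2_CIPHERS = {
    0x010080: ("SSL_CK_RC4_128_WITH_MD5", 128),
    0x020080: ("SSL_CK_RC4_128_EXPORT40_WITH_MD5", 40),
    0x030080: ("SSL_CK_RC2_128_CBC_WITH_MD5", 128),
    0x040080: ("SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5", 40),
    0x050080: ("SSL_CK_IDEA_128_CBC_WITH_MD5", 128),
    0x060040: ("SSL_CK_DES_64_CBC_WITH_MD5", 56),
    0x0700C0: ("SSL_CK_DES_192_EDE3_CBC_WITH_MD5", 168),
}

def strength(bits):
    # Assumed thresholds (not taken from the Nessus plugin): <=40 weak, <112 medium.
    return "weak" if bits <= 40 else "medium" if bits < 112 else "strong"

def parse_server_hello(record):
    """Return the 3-byte cipher kinds listed in one SSLv2 SERVER-HELLO record."""
    if len(record) < 2 or not record[0] & 0x80:
        raise ValueError("expected a 2-byte SSLv2 record header")
    length = ((record[0] & 0x7F) << 8) | record[1]
    body = record[2:2 + length]
    if len(body) != length or length < 11 or body[0] != 4:  # 4 = MSG-SERVER-HELLO
        raise ValueError("truncated record or not a SERVER-HELLO")
    _hit, _ctype, _ver, cert_len, specs_len, conn_len = struct.unpack(">BBHHHH", body[1:11])
    if specs_len % 3 or 11 + cert_len + specs_len + conn_len != length:
        raise ValueError("inconsistent length fields")
    specs = body[11 + cert_len:11 + cert_len + specs_len]
    return [int.from_bytes(specs[i:i + 3], "big") for i in range(0, specs_len, 3)]

def audit(record):
    """Group the offered ciphers by strength class; unrecognised codes go to 'unknown'."""
    report = {"strong": [], "medium": [], "weak": [], "unknown": []}
    for kind in parse_server_hello(record):
        name, bits = SSL2_CIPHERS.get(kind, (f"0x{kind:06X}", None))
        report["unknown" if bits is None else strength(bits)].append(name)
    return report

def build_sample():
    # Constructed SERVER-HELLO (not captured traffic): dummy certificate and connection id.
    kinds = [0x010080, 0x020080, 0x030080, 0x040080, 0x050080, 0x0700C0]
    specs = b"".join(k.to_bytes(3, "big") for k in kinds)
    cert, conn_id = b"\x30\x82\x00\x00", bytes(16)
    body = struct.pack(">BBBHHHH", 4, 0, 1, 2, len(cert), len(specs), len(conn_id))
    body += cert + specs + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body

SAMPLE = build_sample()
if __name__ == "__main__":
    print(audit(SAMPLE))
```

After the export ciphers are disabled on the server, the same audit should return an empty `weak` list.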


