Secure Channel and StandAlone IIS box.

From: at (atarasul@spencerstuart.com)
Date: 01/21/03

Next message: Blitz: "Re: Security Event log full in 30 min"
Previous message: Scott Schreckengaust: "Re: Stand Alone CA Problem"
Next in thread: Jacob [MS]: "RE: Secure Channel and StandAlone IIS box."
Reply: Jacob [MS]: "RE: Secure Channel and StandAlone IIS box."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "at" <atarasul@spencerstuart.com>
Date: Tue, 21 Jan 2003 11:45:05 -0600

Hello,
I'm evaluating security templates for standalone bastion IIS 5.0 on Win2K
SP3 with principle - don't enable what can be disabled.
The question I come up - what the value of Secure Channel settings for this
server.

SignOrSeal = Secure channel: Digitally encrypt or sign secure channel data
(always)
SealSecureChannel = Secure channel: Digitally encrypt secure channel data
(when possible)
SignSecureChannel = Secure channel: Digitally sign secure channel data (when
possible)

According to Microsoft Secure Channel settings relates only to communication
between Member server and DC (which I don't have). However usage of
schannel.dll for IIS SSL functionality hinting on possible relationship
between functioning as HTTPS server and disabling those seemengly unneeded
services.
Any ideas?

Thanks
Alexander

Next message: Blitz: "Re: Security Event log full in 30 min"
Previous message: Scott Schreckengaust: "Re: Stand Alone CA Problem"
Next in thread: Jacob [MS]: "RE: Secure Channel and StandAlone IIS box."
Reply: Jacob [MS]: "RE: Secure Channel and StandAlone IIS box."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Domain Local group and Require strong. GPO Problem
... > setting determines whether a secure channel can be established with a domain ... > Session keys used to establish secure channel communications between domain ... Disabling this ... > this option if the domain controllers in all trusted domains support strong ...
(microsoft.public.win2000.security)
Secure Channel and StandAlone IIS box.
... I'm evaluating security templates for standalone bastion IIS 5.0 on Win2K ... The question I come up - what the value of Secure Channel settings for this ... Digitally encrypt or sign secure channel data ... between functioning as HTTPS server and disabling those seemengly unneeded ...
(microsoft.public.inetserver.iis.security)
Re: To disable SMB packet and secure channel signing enforcement on Windows Server 2003-based domain
... >based DC to member communications will be subject to MITM attacks. ... In short, the SMB ... Similarly, disabling the secure ... >on all your DC to DC secure channel data (although sensitive information ...
(Focus-Microsoft)
Re: Secure Channel Password
... >I knew that the default is to provide membership safeguard by ... > retaining machine account passwords two deep, ... > such a disabling, then the mechanism could not be blind to the ... >> run on a domain computer will detect if the secure channel to the domain ...
(microsoft.public.win2000.security)
Re: Secure Channel and StandAlone IIS box.
... The settings relate to the NetLogon service and I think the settings do not affect IIS SSL operations. ... | Subject: Re: Secure Channel and StandAlone IIS box. ... Digitally encrypt or sign secure channel data ...
(microsoft.public.win2000.security)