Thanks! I did find a patch or two on the Citrix site I'll need to run. The claim is, it deals with the TLS Renegotiation vulnerability.
I guess I'll find out what all works after the scan. This is a very promising start, however. From: Michael B. Smith [mailto:[email protected]] Sent: Tuesday, January 10, 2012 10:50 AM To: NT System Admin Issues Subject: RE: IIS 6.0 Security Just gotta know the right search string. http://blogs.iis.net/sakyad/archive/2008/12/11/enforcing-ssl-3-0-and-removing-weak-encryption-vulnerability-over-ssl-iis-6-0-and-isa.aspx http://geekswithblogs.net/dchristiansen/archive/2009/03/24/pcidss-disablessl2andweakciphersoniis6.aspx Now: Citrix/XenApp support for SSL 3.0 - I don't know anything about that. Carl Webster needs to speak to that! :) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Richard McClary [mailto:[email protected]] Sent: Tuesday, January 10, 2012 10:06 AM To: NT System Admin Issues Subject: IIS 6.0 Security Hopefully, the subject line is not a complete oxymoron... Yes, I am continuing to search Google as well as the MS TechNet pages (that Google returns) concerning IIS 6.0. We failed a PCI compliance audit on our Citrix server (Presentation Server 4.5, and yes, a new Citrix system is in the works, but this one needs to pass a scan test.) The system does have a VeriSign SSL certificate. -- Here are the issues found by the scan: Disable TLS Renegotiation Fix Microsoft IIS Content Location Internal IP Address Leak (Note - the server is accessed via web through a MIP's IP address) Upgrade to the latest version of OpenSSL Disable SSL support for weak ciphers Disable SSL v2 protocol support -- Anyway, we need assistance in dealing with those security issues without hosing the Citrix services (which our clients are paying for). Thank you; back to Google and Technet... - richard ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
