I am checking. Please hold for the next available Citrix support person.
Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/> From: Michael Smith <[email protected]<mailto:[email protected]>> Reply-To: NT Issues <[email protected]<mailto:[email protected]>> Date: Tue, 10 Jan 2012 16:49:40 +0000 To: NT Issues <[email protected]<mailto:[email protected]>> Subject: RE: IIS 6.0 Security Just gotta know the right search string. http://blogs.iis.net/sakyad/archive/2008/12/11/enforcing-ssl-3-0-and-removing-weak-encryption-vulnerability-over-ssl-iis-6-0-and-isa.aspx http://geekswithblogs.net/dchristiansen/archive/2009/03/24/pcidss-disablessl2andweakciphersoniis6.aspx Now: Citrix/XenApp support for SSL 3.0 – I don’t know anything about that. Carl Webster needs to speak to that! :) Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Richard McClary [mailto:[email protected]] Sent: Tuesday, January 10, 2012 10:06 AM To: NT System Admin Issues Subject: IIS 6.0 Security Hopefully, the subject line is not a complete oxymoron… Yes, I am continuing to search Google as well as the MS TechNet pages (that Google returns) concerning IIS 6.0. We failed a PCI compliance audit on our Citrix server (Presentation Server 4.5, and yes, a new Citrix system is in the works, but this one needs to pass a scan test.) The system does have a VeriSign SSL certificate. -- Here are the issues found by the scan: Disable TLS Renegotiation Fix Microsoft IIS Content Location Internal IP Address Leak (Note – the server is accessed via web through a MIP’s IP address) Upgrade to the latest version of OpenSSL Disable SSL support for weak ciphers Disable SSL v2 protocol support -- Anyway, we need assistance in dealing with those security issues without hosing the Citrix services (which our clients are paying for). Thank you; back to Google and Technet… - richard ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
