Thanks! Went to your web site, but 4.5 seems to be too old for anything there.
I think I have all but the "microsoft iis content location internal ip address leak" taken care of, and I have a bunch of tabs open concerning that. I'll find out for sure what has been taken care of after this upcoming scan...

From: Webster [mailto:[email protected]]
Sent: Tuesday, January 10, 2012 11:38 AM
To: NT System Admin Issues
Subject: Re: IIS 6.0 Security

I am checking. Please hold for the next available Citrix support person.

Carl Webster
Consultant and Citrix Technology Professional
http://www.CarlWebster.com

From: Michael Smith <[email protected]>
Reply-To: NT Issues <[email protected]>
Date: Tue, 10 Jan 2012 16:49:40 +0000
To: NT Issues <[email protected]>
Subject: RE: IIS 6.0 Security

Just gotta know the right search string.

http://blogs.iis.net/sakyad/archive/2008/12/11/enforcing-ssl-3-0-and-removing-weak-encryption-vulnerability-over-ssl-iis-6-0-and-isa.aspx

http://geekswithblogs.net/dchristiansen/archive/2009/03/24/pcidss-disablessl2andweakciphersoniis6.aspx

Now: Citrix/XenApp support for SSL 3.0 - I don't know anything about that. Carl Webster needs to speak to that! :)

Regards,
Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com

From: Richard McClary [mailto:[email protected]]
Sent: Tuesday, January 10, 2012 10:06 AM
To: NT System Admin Issues
Subject: IIS 6.0 Security

Hopefully, the subject line is not a complete oxymoron...

Yes, I am continuing to search Google as well as the MS TechNet pages (that Google returns) concerning IIS 6.0.

We failed a PCI compliance audit on our Citrix server (Presentation Server 4.5, and yes, a new Citrix system is in the works, but this one needs to pass a scan test.) The system does have a VeriSign SSL certificate.
--
Here are the issues found by the scan:

- Disable TLS Renegotiation
- Fix Microsoft IIS Content Location Internal IP Address Leak (Note - the server is accessed via web through a MIP's IP address)
- Upgrade to the latest version of OpenSSL
- Disable SSL support for weak ciphers
- Disable SSL v2 protocol support
--

Anyway, we need assistance in dealing with those security issues without hosing the Citrix services (which our clients are paying for).

Thank you; back to Google and Technet...

- richard

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
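An added example, not part of the thread: a Python check that can be run over a captured HTTP response from the server before the rescan, flagging a non-public IPv4 address in the Content-Location header, which is what the "Content Location Internal IP Address Leak" finding names. Checking the Location header as well is an assumption, and the sample responses, host name and addresses are constructed.

```python
import ipaddress
import re

# Headers checked for an echoed server address (Location is an assumption).
LEAK_HEADERS = ("content-location", "location")
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample responses (not captured from any real server).
LEAKY = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
         b"Content-Location: http://10.1.2.3/Default.htm\r\n"
         b"Content-Type: text/html\r\n\r\n<html></html>")
FIXED = (b"HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
         b"Content-Location: http://www.example.com/Default.htm\r\n"
         b"Content-Type: text/html\r\n\r\n<html></html>")

def parse_headers(raw: bytes):
    """Return (status_line, [(name, value), ...]) from a raw HTTP response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:  # obsolete folded continuation
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def internal_ip_leaks(raw: bytes):
    """List (header, ip) pairs where a checked header carries a non-public IPv4."""
    _, headers = parse_headers(raw)
    leaks = []
    for name, value in headers:
        if name not in LEAK_HEADERS:
            continue  # the body and other headers are deliberately ignored
        for candidate in IPV4_RE.findall(value):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
            if ip.is_private or ip.is_loopback or ip.is_link_local:
                leaks.append((name, candidate))
    return leaks

if __name__ == "__main__":
    for label, raw in (("before fix", LEAKY), ("after fix", FIXED)):
        print(label, internal_ip_leaks(raw))
```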
