HAHAHAHAHAHA. It's a two-minute project FOR YOU! :)
Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Webster [mailto:[email protected]] Sent: Wednesday, January 11, 2012 10:35 AM To: NT System Admin Issues Subject: Re: IIS 6.0 Security Use either license server 11.6.1 or better 11.9. 11.9 may require you to return, reallocate and re download your license file(s). But that is a 2 minute project at worst. 1.9 is required for XenApp 6.5 and XenDesktop 5.5 (and maybe 5.0) as Citrix has implemented new licensing features. 11.9 will read the old license files with no issues BUT if you need to use XenApp 6.5 or XenDesktop 5.5, you WILL need to redo your license file. The nice thing about Citrix license server 11.6 and higher is that it no longer requires Java or IIS. That removes a couple of security risks for you right there. There is a new 11.10 license server but I have not tested that. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/> From: Richard McClary <[email protected]<mailto:[email protected]>> Reply-To: NT Issues <[email protected]<mailto:[email protected]>> Date: Wed, 11 Jan 2012 15:21:44 +0000 To: NT Issues <[email protected]<mailto:[email protected]>> Subject: RE: IIS 6.0 Security Thanks! Those docs will be revised soon as TLS 1.0 has also been cracked. (My ancient server does not yet use TLS 1.1, which is currently still "secure".) Now to deal with the TLS Renegotiation... I found a Citrix patch (PSE450R06W2K3030). Now this is where inheriting a Citrix system comes to bite. That hot fix requires a previously release roll-up. That roll-up requires a new version of license server (I seem to remember 11.something). The page goes on to say the roll-up will work with older license server versions, but it will then make the hosted applications unavailable. NICE! From: Webster [mailto:[email protected]] Sent: Tuesday, January 10, 2012 4:58 PM To: NT System Admin Issues Subject: RE: IIS 6.0 Security The Citrix eDocs says if you are using SSL v3 you are not FIPS compliant. You have to use TLS 1.0. SSL/TLS and FIPS Compliance When configured properly, deployments using TLS 1.0 can use FIPS 140-validated cryptographic modules in a manner that is compliant with FIPS 140-2; SSL 3.0 is not FIPS compliant. For more information, refer to the Guidelines for the Selection and Use of the Transport Layer Security (TLS) implementations at http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
