Are these security scans being conducted inside or outside the network? Don't you have a firewall or IPS that you could use to mitigate these issues in addition to changing them at the server level?
* * *
*ASB*
*http://XeeMe.com/AndrewBaker*
*Harnessing the Advantages of Technology for the SMB market…*

On Fri, Jan 20, 2012 at 9:41 AM, Richard McClary <[email protected]> wrote:

> Greetings!
>
> PCI Compliance scan on our Citrix system (“old” Presentation Server 4.5 on IIS 6.0) done back in October included these remediation steps:
>
> Disable WebDAV: As per instructions, I went into the IIS manager, web extensions, and saw it was “Prohibited”. It still is. However, the scan done last week shows the same thing – indicates nothing was done.
>
> Disable TLS Renegotiation: According to the Citrix site, the solution is to apply Hot Fix PSE450R06W2K3030. So, after seeking the version for PS 4.5 and applying it, guess what? “Disable TLS Renegotiation” again.
>
> @#*& !!! ???
>
> I mean, it’s bad enough that SSL 3.0 and TLS 1.0 have been cracked (no mention of that in the scan report), but this stuff (which is supposed to have been remedied by those who have been faithfully applying MS patches over the years) is nuts!
>
> Thanks…
>
> --
> richard
