It is an outside scan... The systems in question (some of which are in a DMZ) are all MIP'd addresses in the firewall configuration.
From: Andrew S. Baker [mailto:[email protected]] Sent: Friday, January 20, 2012 10:05 AM To: NT System Admin Issues Subject: Re: Citrix security frustrations Are these security scans being conducted inside or outside the network? Don't you have a firewall or IPS that you could use to mitigate these issues in addition to changing them at the server level? ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Fri, Jan 20, 2012 at 9:41 AM, Richard McClary <[email protected]<mailto:[email protected]>> wrote: Greetings! PCI Compliance scan on our Citrix system ("old" Presentation Server 4.5 on IIS 6.0) done back in October included these remediation steps: Disable WebDAV: As per instructions, I went into the IIS manager, web extensions, and saw it was "Prohibited". It still is. However, the scan done last week shows the same thing - indicates nothing was done. Disable TLS Renegotiation: According to the Citrix site, the solution is to apply Hot Fix PSE450R06W2K3030. So, after seeking the version for PS 4.5 and applying it, guess what? "Disable TLS Renegotiation" again. @#*& !!! ??? I mean, it's bad enough that SSL 3.0 and TLS 1.0 have been cracked (no mention of that in the scan report), but this stuff (which is supposed to have been remedied by those who have been faithfully applying MS patches over the years) is nuts! Thanks... -- richard The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals(r) (ASPCA(r)) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
