So, no IPS then? These things can be mitigated at the host, the load-balancer, the firewall (to some extent, depending on the device), and the IPS...
ASB
http://XeeMe.com/AndrewBaker
Harnessing the Advantages of Technology for the SMB market…

On Fri, Jan 20, 2012 at 11:26 AM, Richard McClary <[email protected]> wrote:

> It is an outside scan…
>
> The systems in question (some of which are in a DMZ) are all MIP’d
> addresses in the firewall configuration.
>
> From: Andrew S. Baker [mailto:[email protected]]
> Sent: Friday, January 20, 2012 10:05 AM
> To: NT System Admin Issues
> Subject: Re: Citrix security frustrations
>
> Are these security scans being conducted inside or outside the network?
>
> Don't you have a firewall or IPS that you could use to mitigate these
> issues in addition to changing them at the server level?
>
> ASB
>
> On Fri, Jan 20, 2012 at 9:41 AM, Richard McClary <[email protected]> wrote:
>
> Greetings!
>
> PCI Compliance scan on our Citrix system (“old” Presentation Server 4.5 on
> IIS 6.0) done back in October included these remediation steps:
>
> Disable WebDAV: As per instructions, I went into the IIS manager, web
> extensions, and saw it was “Prohibited”. It still is. However, the scan
> done last week shows the same thing – indicates nothing was done.
>
> Disable TLS Renegotiation: According to the Citrix site, the solution is
> to apply Hot Fix PSE450R06W2K3030. So, after seeking the version for PS
> 4.5 and applying it, guess what? “Disable TLS Renegotiation” again.
>
> @#*& !!! ???
>
> I mean, it’s bad enough that SSL 3.0 and TLS 1.0 have been cracked (no
> mention of that in the scan report), but this stuff (which is supposed to
> have been remedied by those who have been faithfully applying MS patches
> over the years) is nuts!
>
> Thanks…
>
> --
> richard
