Why have you not installed HRP7 on your servers? What server is failing on WebDAV?
Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/> From: Richard McClary <[email protected]<mailto:[email protected]>> Reply-To: NT Issues <[email protected]<mailto:[email protected]>> Date: Fri, 20 Jan 2012 14:41:59 +0000 To: NT Issues <[email protected]<mailto:[email protected]>> Subject: Citrix security frustrations Greetings! PCI Compliance scan on our Citrix system (“old” Presentation Server 4.5 on IIS 6.0) done back in October included these remediation steps: Disable WebDAV: As per instructions, I went into the IIS manager, web extensions, and saw it was “Prohibited”. It still is. However, the scan done last week shows the same thing – indicates nothing was done. Disable TLS Renegotiation: According to the Citrix site, the solution is to apply Hot Fix PSE450R06W2K3030. So, after seeking the version for PS 4.5 and applying it, guess what? “Disable TLS Renegotiation” again. @#*& !!! ??? I mean, it’s bad enough that SSL 3.0 and TLS 1.0 have been cracked (no mention of that in the scan report), but this stuff (which is supposed to have been remedied by those who have been faithfully applying MS patches over the years) is nuts! ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
