  1. #1 (New Lounger, Green Bay WI USA, joined Mar 2010)
    I work in IT at a small bank. We recently had a third party do a vulnerability scan of our servers. The Nessus scan reported that SSL 2.0 is configured on 2 of our Domain Controllers, as were insecure ciphers. One of the machines runs Windows Server 2003, the other Windows Server 2008. I found instructions on MS TechNet (Article ID 187498) for disabling SSL 2.0 by adding a DWORD "Enabled" value = 0 to the appropriate registry key. Other research indicated that the same technique could be used to disable insecure ciphers as well. The article indicated that SSL 3.0 is configured by default on these servers and that, in the absence of SSL 2.0, the connection would default to SSL 3.0. One of the technicians here is unconvinced that disabling SSL 2.0 is perfectly safe, and has expressed concern that these domain controllers may want to use it for secure domain-related communication. Can anyone shed some light on the subject?
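
    The registry change described in the post, written out as an added example (this is not code from the original thread or from the Microsoft article). It assumes the Schannel layout documented in KB 187498 and KB 245030: a DWORD `Enabled` = 0 under `SCHANNEL\Protocols\SSL 2.0\Server` turns off SSL 2.0 on the server side, and the same value under `SCHANNEL\Ciphers\<cipher name>` turns off an individual cipher. The list of weak-cipher subkey names is taken from KB 245030; the function names `Set-SchannelDisabled` and `Get-SchannelEnabled` are this example's own. Run it elevated; Schannel reads these keys at boot, so a reboot is needed before a rescan.

```powershell
# Added example, not from the original thread. Assumes the KB 187498 / KB 245030
# registry layout: Enabled (DWORD) = 0 under a protocol's Server subkey or under
# a cipher's subkey disables it. Run elevated; takes effect after a reboot.
$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Set-SchannelDisabled {
    param([string]$SubKey)   # e.g. 'Protocols\SSL 2.0\Server' or 'Ciphers\RC4 40/128'
    # Use the .NET registry API rather than New-Item/New-ItemProperty: the PowerShell
    # registry provider treats '/' as a path separator, so a path ending in
    # 'RC4 40/128' would create a key 'RC4 40' with a child '128' instead of the
    # single key name Schannel actually looks for.
    $base = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($schannel, $true)
    $key  = $base.CreateSubKey($SubKey)     # creates intermediate keys, opens if present
    $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close(); $base.Close()
}

function Get-SchannelEnabled {
    param([string]$SubKey)
    # Read-only check of what we set (or of keys we deliberately left alone).
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$schannel\$SubKey")
    if ($null -eq $key) { return 'key absent (OS default applies)' }
    $v = $key.GetValue('Enabled'); $key.Close()
    if ($null -eq $v) { 'no Enabled value (OS default applies)' } else { $v }
}

# 1. Server side of SSL 2.0, which is what the scanner reported. The Client subkey
#    is left alone so the DC's own outbound connections are not changed by this step.
Set-SchannelDisabled 'Protocols\SSL 2.0\Server'

# 2. Weak ciphers, using the exact subkey names from KB 245030.
$weakCiphers = 'NULL', 'DES 56/56', 'RC2 40/128', 'RC2 56/128',
               'RC4 40/128', 'RC4 56/128', 'RC4 64/128'
foreach ($c in $weakCiphers) { Set-SchannelDisabled "Ciphers\$c" }

# 3. Verify: SSL 2.0 server and the weak ciphers should show 0; SSL 3.0 should be
#    untouched (absent / no value), which is the fallback the article describes.
$toCheck = @('Protocols\SSL 2.0\Server', 'Protocols\SSL 3.0\Server') +
           ($weakCiphers | ForEach-Object { "Ciphers\$_" })
$toCheck | ForEach-Object { '{0,-30} {1}' -f $_, (Get-SchannelEnabled $_) }
```

    Two checks worth doing around this: export the SCHANNEL key (`reg export`) before running it so the change can be reverted, and after the reboot point the scanner, or `openssl s_client -ssl2 -connect <dc>:<port>` against the port the scan flagged, back at the DC to confirm the SSL 2.0 handshake is now refused while the normal (SSL 3.0 or later) handshake still completes. The .NET API is also the only option on a Server 2003 box where the PowerShell registry provider is not available.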

  2. #2 (WS Lounge VIP, joined Dec 2009)
    Your DCs should be using IPsec if you want secure comms; SSL is not a valid protocol unless you also have IIS on the DCs (this is very bad in my book, DCs are top of the security tree).
    Maybe you have WSUS installed on the DCs, and this means IIS as well?

    cheers, Paul
