PCI Vulnerability Scan - Entire Network
Hello, I am in the process of running a PCI Compliance scan but I am constantly failing. It looks as though I am receiving the same "Threat" error in every category. My company currently has a Firewall and an Intranet residing on a Windows Server 2003 box using SharePoint and IIS 6. (I'm not sure if it's the firewall policies that are causing us to fail or if there is something that I should install on the server, etc.) The errors are listed below.

THREAT: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

IMPACT: An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.

SOLUTION: Disable SSLv2. Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:

    SSLProtocol -ALL +SSLv3 +TLSv1
    SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:

    SSLNoV2

How to disable SSLv2 on IIS: Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article - 245030

***I have no idea what they are referring to. Is it my Intranet, my Firewall, FTP? Please help. Thanks so much!!
July 23rd, 2011 12:10pm

It seems like they are talking about your IIS server and clients too. Please check this link for more details: http://blogs.technet.com/b/askds/archive/2011/05/04/speaking-in-ciphers-and-other-enigmatic-tongues.aspx HTH.

My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com
Windows PKI reference: on TechNet wiki
July 23rd, 2011 2:30pm

Assuming you are using IIS, and not Apache, and assuming you need SSLv1 or SSLv2 for each host that failed with this same Threat (SSL exploit), you must use one of the two solutions they refer you to. If you don't use SSL, disable SSL; or if you don't use SSLv1/v2, disable SSLv1/v2 instead of using the fixes for SSLv1/v2.

How to disable SSLv2 on IIS: Microsoft Knowledge Base Article - 187498
http://support.microsoft.com/kb/187498

How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article - 245030
http://support.microsoft.com/kb/245030
July 23rd, 2011 10:08pm
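The two KB articles the replies point to both come down to the same mechanism: Schannel (which IIS uses for HTTPS) reads per-protocol registry keys under SecurityProviders\SCHANNEL\Protocols, and creating a "Server" subkey for SSL 2.0 with Enabled = 0 turns the protocol off for every service on the box that uses Schannel, not just IIS. The script below is an added example, not code from the thread or from Microsoft; it audits the current state of a protocol and, when asked, writes the disable values. The function names (Get-SchannelProtocolState, Disable-SchannelProtocol) and the -Apply switch are this example's own inventions; the registry path and value names are the ones KB 245030 documents. It assumes it runs in an elevated PowerShell session on the IIS host and that you reboot afterwards, because Schannel only reads these keys at startup.

```powershell
# Added example: audit and disable an Schannel protocol (default: SSL 2.0, server side)
# via the registry keys described in KB 245030 / KB 187498. Not code from the thread.
# Run elevated on the IIS host; reboot afterwards for Schannel to pick up the change.

$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # Hypothetical helper: report whether a protocol is explicitly configured.
    param(
        [string]$Protocol = 'SSL 2.0',   # Schannel subkey name, e.g. 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'
        [string]$Side     = 'Server'     # 'Server' affects IIS; 'Client' affects outbound connections
    )
    $key = Join-Path $SchannelProtocols "$Protocol\$Side"
    if (-not (Test-Path $key)) {
        # No key at all means the OS default applies. On Windows Server 2003 the
        # default for SSL 2.0 is "enabled", which is exactly what the PCI scanner flags.
        return [pscustomobject]@{
            Protocol = $Protocol; Side = $Side
            Enabled = $null; DisabledByDefault = $null
            Effective = 'OS default (SSL 2.0 is enabled by default on Server 2003)'
        }
    }
    $props = Get-ItemProperty -Path $key
    $enabled = $props.Enabled
    $effective = if ($enabled -eq 0) { 'disabled' } else { 'enabled' }
    return [pscustomobject]@{
        Protocol = $Protocol; Side = $Side
        Enabled = $enabled; DisabledByDefault = $props.DisabledByDefault
        Effective = $effective
    }
}

function Disable-SchannelProtocol {
    # Hypothetical helper: create the key and write the two values KB 245030 describes.
    # Without -Apply it only prints what it would change (dry run).
    param(
        [string]$Protocol = 'SSL 2.0',
        [string]$Side     = 'Server',
        [switch]$Apply
    )
    $key = Join-Path $SchannelProtocols "$Protocol\$Side"
    if (-not $Apply) {
        Write-Host "[dry run] would set $key : Enabled=0 (DWORD), DisabledByDefault=1 (DWORD)"
        return
    }
    if (-not (Test-Path $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Enabled=0 is the value Server 2003 honours; DisabledByDefault is honoured on
    # Vista/2008 and later, so setting both keeps the key correct across versions.
    New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
    Write-Host "Set $key : Enabled=0, DisabledByDefault=1. Reboot required."
}

# Usage: show the state before, change it, then show it again.
Get-SchannelProtocolState -Protocol 'SSL 2.0' -Side 'Server' | Format-List
Disable-SchannelProtocol  -Protocol 'SSL 2.0' -Side 'Server'          # dry run
Disable-SchannelProtocol  -Protocol 'SSL 2.0' -Side 'Server' -Apply   # write the values
Get-SchannelProtocolState -Protocol 'SSL 2.0' -Side 'Server' | Format-List
```

Two practical points when using it. First, the audit function is worth running against every Windows host the scanner listed, because the "Server" key answers the scanner's finding for every Schannel-backed listener on that machine (IIS, RDP, LDAPS), which is why the same threat appears in every category. Second, after the reboot, re-run the PCI scan rather than trusting the registry alone; the scanner is what tests whether an SSLv2 handshake is actually refused on each port.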

