Hello, I am in the process of running a PCI Compliance scan but I am constantly failing. It looks as though I am receiving the sam "Threat" error in ever category. My company currently have a Firewall, an Intranet residing on a Windows server 2003 box using Share Point and IIS6 (Im not sure if its the firewall policies thats causing us to fail or if there is something that I should install on the server, etc. The errors are listed below. THREAT: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server. IMPACT: An attacker can exploit this vulnerability to read secure communications or maliciously modify messages SOLUTION: Disable SSLv2. Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines: SSLProtocol -ALL +SSLv3 +TLSv1 SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line: SSLNoV2 How to disable SSLv2 on IIS : Microsoft Knowledge Base Article - 187498 How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll : Microsoft Knowledge Base Article - 245030 ***I have no idea what they are refering to. Is it my Intranet, My Firewall, FTP? Please help. THanks so Much, !!

Hi, Please refer to this artical http://support.microsoft.com/kb/245030 Meanwhile, as this is Server side issue related, it is suggested to post to the proper forum and get more specific instruction. http://social.technet.microsoft.com/Forums/en-US/category/windowsserver Regards, Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.