PCI Scan
Hello, I am in the process of running a PCI Compliance scan but I am constantly failing. It looks as though I am receiving the same "Threat" error in every category. My company currently has a Firewall and an Intranet residing on a Windows Server 2003 box using SharePoint and IIS 6 (I'm not sure if it's the firewall policies that are causing us to fail or if there is something that I should install on the server, etc.). The errors are listed below.

THREAT: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server.

IMPACT: An attacker can exploit this vulnerability to read secure communications or maliciously modify messages.

SOLUTION: Disable SSLv2. Typically, for Apache/mod_ssl, httpd.conf or ssl.conf should have the following lines:
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
For Apache/apache_ssl, httpd.conf or ssl.conf should have the following line:
SSLNoV2
How to disable SSLv2 on IIS: Microsoft Knowledge Base Article - 187498
How to Restrict the Use of Certain Cryptographic Algorithms and Protocols in Schannel.dll: Microsoft Knowledge Base Article - 245030

***I have no idea what they are referring to. Is it my Intranet, my Firewall, FTP? Please help. Thanks so much!!
July 22nd, 2011 8:23pm
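The two Knowledge Base articles the scanner cites both come down to registry values that Schannel (the Windows SSL/TLS provider used by IIS 6) reads at boot. The following is an added example, not code from the thread or from Microsoft, showing what those articles describe: switching off SSLv2 for inbound and outbound connections and disabling the export-grade and NULL ciphers that the scanner's Apache `SSLCipherSuite` line also excludes. It assumes it is run elevated on the Windows Server 2003 box itself, with PowerShell installed (Server 2003 does not ship it; the same keys can be set with reg.exe).

```powershell
# Added example, not from the thread: disable SSLv2 and weak ciphers in Schannel on
# Windows Server 2003 / IIS 6, following KB 187498 and KB 245030.
# Run elevated on the server. Schannel reads these keys at boot, so reboot afterwards.

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# 1. SSL 2.0. A DWORD "Enabled" = 0 under "SSL 2.0\Server" makes Schannel refuse inbound
#    SSLv2 handshakes; the "Client" key does the same for connections this box initiates.
foreach ($role in 'Server', 'Client') {
    $key = "$schannel\Protocols\SSL 2.0\$role"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name Enabled -Value 0 -Type DWord
}

# 2. Weak ciphers (KB 245030). The cipher key names contain '/', which the PowerShell
#    registry provider would treat as a path separator, so use the .NET registry API here.
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
$ciphers = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
foreach ($name in 'NULL', 'RC2 40/128', 'RC4 40/128', 'DES 56/56') {
    $sub = $ciphers.CreateSubKey($name)          # opens the key if it already exists
    $sub.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $sub.Close()
}
$ciphers.Close()

# 3. Read back what Schannel will see after the reboot.
foreach ($role in 'Server', 'Client') {
    $v = (Get-ItemProperty -Path "$schannel\Protocols\SSL 2.0\$role" -Name Enabled).Enabled
    Write-Host ("SSL 2.0 {0}: Enabled = {1}" -f $role, $v)
}
```

Two caveats a practitioner should keep in mind. These settings are host-wide: every Schannel consumer on the box (IIS, and any other service doing SSL on it) is affected, which is also why the scanner repeats the same finding under every category it checks against that listener. And to confirm the fix after the reboot you need a client that still speaks SSLv2; OpenSSL builds from 1.1.0 onward removed it entirely, so use an older build (`openssl s_client -ssl2 -connect host:443` should then fail) or simply re-run the compliance scan.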

Tech Savy, you have to take a common-sense approach to the results of compliance scans; by default they will complain that you have a problem because you have a network cable attached to the device and the keyboard and mouse pose a security threat. You need to ask yourself/your tech staff a question on this: is SSL (https://) being used on the server? If the answer is no, then you can go into your IIS settings and remove the listener on 443 (check the IIS docs to verify the tab/config, I don't remember the exact screens off the top of my head). If you are in fact using SSL on 443, then you just have to write this error off as a "known acceptance"; I don't see an issue with this. If your post had been that the scans show that your whole network was open on all ports, then you would have something to worry about. This should fall under the Windows security forums. -- :P Advice offered. If you need more help it is advised to seek the counsel and advice of paid professionals. The answer is always 42, or reboot.
July 22nd, 2011 8:53pm

Sorry, but you have posted your question in a forum that talks about Microsoft Operations Framework (MOF), so I am moving your post to another forum and I hope you can get some help. But if you want you can try to find another forum by yourself: http://social.technet.microsoft.com/Forums/en-US/ Hope that helps. Regards, Cleber Marques Microsoft MVP & MCT | Charter Member: SCVMM & MDOP MOF Brazil Project: Simplifying IT Service Management My Blog | MOF.com.br | CleberMarques.com | CanalSystemCenter.com.br
July 23rd, 2011 6:00am
