Over the last 18 months I have been forced to comply with PCI, and a lot of my clients are FCA regulated, so we need to be doing quarterly PCI scans.

I have an Ethical Hacking server which connects into my DMZ that I use for performing all of these scans, and it is made up of Greenbone Security (OpenVAS) and Nessus. I have other tools for penetration testing such as Armitage/Metasploit etc.

I used Nessus for this scan as I have a license for 1024 IPs.

Here are the results (screenshots of the Nessus findings for SSL RC4 and SSLv2/SSLv3):

To make life easy I would recommend downloading IISCrypto:
https://www.nartac.com/Products/IISCrypto/


You can then launch the program and select the PCI (recommended) or Best Practices template.

Restart the server for the change to take effect.

Run the vulnerability scan again and the alert will no longer show.

Please check/confirm that your applications do not depend on the protocols and ciphers you are disabling. I have used this program for Exchange 2010/2013 on PCI and have had no issues, but old Windows OS versions may experience problems communicating.
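As an added example (not from the original post or from IISCrypto), the script below audits the SCHANNEL registry keys behind the two Nessus findings above, SSLv2/SSLv3 and the RC4 ciphers, and with the assumed `-Fix` switch applies the same Enabled/DisabledByDefault values the IISCrypto PCI template sets for them. Run it first without `-Fix` to see what is still enabled before you change anything.

```powershell
# Added example: audit (and with -Fix, apply) the SCHANNEL settings that clear the
# "SSL RC4" and "SSLv2/v3" findings. Run as Administrator; a reboot is required
# before the change is active. -Fix is this script's own switch, not an IISCrypto option.
param([switch]$Fix)

$schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$hklm = [Microsoft.Win32.Registry]::LocalMachine

# Protocols need Enabled=0 and DisabledByDefault=1 on both Server and Client;
# ciphers need only Enabled=0. Cipher key names contain "/", which the HKLM:
# provider treats as a path separator, so the .NET registry API is used instead.
$items = @()
foreach ($p in 'SSL 2.0', 'SSL 3.0') {
    foreach ($side in 'Server', 'Client') {
        $items += @{ Key = "Protocols\$p\$side"; Values = @{ Enabled = 0; DisabledByDefault = 1 } }
    }
}
foreach ($c in 'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128') {
    $items += @{ Key = "Ciphers\$c"; Values = @{ Enabled = 0 } }
}

function Test-ItemDisabled($item) {
    # A missing key or value leaves the OS default in force, which on the Windows
    # versions that produce these findings means "enabled", so report not disabled.
    $key = $hklm.OpenSubKey("$schannel\$($item.Key)")
    if ($null -eq $key) { return $false }
    try {
        foreach ($name in $item.Values.Keys) {
            if ($key.GetValue($name) -ne $item.Values[$name]) { return $false }
        }
        return $true
    } finally { $key.Close() }
}

function Set-ItemDisabled($item) {
    $key = $hklm.CreateSubKey("$schannel\$($item.Key)")   # creates or opens writable
    try {
        foreach ($name in $item.Values.Keys) {
            $key.SetValue($name, $item.Values[$name], [Microsoft.Win32.RegistryValueKind]::DWord)
        }
    } finally { $key.Close() }
}

$(foreach ($item in $items) {
    $disabled = Test-ItemDisabled $item
    if (-not $disabled -and $Fix) { Set-ItemDisabled $item; $disabled = $true }
    [pscustomobject]@{ Item = $item.Key; Disabled = $disabled }
}) | Format-Table -AutoSize
```

Any row still showing `Disabled = False` after a reboot is the one the rescan will keep flagging.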
