SSL 64-bit Block Size Cipher Suites Supported (SWEET32) Vulnerability

Vulnerability:

SSL 64-bit Block Size Cipher Suites Supported (SWEET32)

Risk Level = Medium

Remediation:

Browse to Computer\windows settings\Security settings\local policies\security options.
System Cryptography: Use FIPS Algorithms - select Enabled

1. Browse to Computer\Adminstrative templates\WindowsComponents\Remote Desktop Services\Remote Desktop Session Host\Security
Require use of specific security layer for remote rdp connections – Choose TLS 1.0 Only

Comments

Post a Comment

Popular posts from this blog

Terminal Services Doesn't Use Network Level Authentication (NLA) Only

Vulnerability: Terminal Services Doesn't Use Network Level Authentication (NLA) Only Risk Level: Medium Remediation : To configure Network Level Authentication for a connection 1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration. 2. Under Connections, right-click the name of the connection, and then click Properties. 3. On the General tab, select the Allow connections only from computers running Remote Desktop with Network Level Authentication check box.
Read more

Terminal Services Encryption Level Vulnerability

Vulnerability: Terminal Services Encryption Level is Medium or Low Risk Level = Medium Remediation: Set Encryption Level to High Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC) FIPS Use FIPS compliant algorithms for encryption, hashing, and signing Group Policy setting. This Group Policy setting is located in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
Read more

Terminal Services Encryption Level is not FIPS-140 Compliant Vulnerability

Vulnerability: Terminal Services Encryption Level is not FIPS-140 Compliant Risk Level = Medium Remediation: FIPS Use FIPS compliant algorithms for encryption, hashing, and signing Group Policy setting. This Group Policy setting is located in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
Read more