Hi,
We recently had a nessus scan which found some vulnerabilities with IIS on my Backup Exec (with DLO) server. Specifically SSL Medium Strength Cipher Suites were found to be supported. I can fix this problem but my question is if this is going to break Backup Exec and/Or the DLO option. To fix my issues I need to make the following changes:
Disabling SSL 2.0 on IIS 6
- Open up “regedit” from the command line
- Browse to the following key:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
- Create a new REG_DWORD called “Enabled” and set the value to 0
- You will need to restart the computer for this change to take effect. (you can wait on this if you also need to disable the ciphers)
Disable unsecure encryption ciphers less than 128bit
- Open up “regedit” from the command line
- Browse to the following key:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56
- Create a new REG_DWORD called “Enabled” and set the value to 0
- Browse to the following key:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128
- Create a new REG_DWORD called “Enabled” and set the value to 0
- Browse to the following key:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128
- Create a new REG_DWORD called “Enabled” and set the value to 0
- Browse to the following key:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128
- Create a new REG_DWORD called “Enabled” and set the value to 0
- You will need to restart the computer for this change to take effect.
Does anyone know what level of encryption BackupExec requires, will these changes break backup exec?
Thanks!
E
