encryption, which we currently regard as those with key lengths at least 56
bits. This is considerably easier to exploit if the attacker is on the same
physical network.
Some of these weak cipher suites are:
- DES-CBC(56)
- DES-CBC(40)
- RC4(40)
- RC2(40)
I was administering a set of Windows servers, and here are the steps that I followed to disable these weak cipher suites.
To enable/disable Weak Cipher Suites in Windows Server 2003:
Start Registry Editor (Regedt32.exe), and then locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
To enable this cipher algorithm, change the DWORD value data of the Enabled value to 0xffffffff. Or, change the DWORD value data to 0x0.
If you do not configure the Enabled value, the default is enabled. This
registry key does not apply to an exportable server that does not have
an SGC certificate.
To disable this cipher algorithm, change the DWORD value data of the Enabled value to 0x00000001.
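The registry state described above can be audited, and the weak ciphers switched off, from a script. This is an added example, not part of the original post; it assumes the per-cipher subkey names under SCHANNEL\Ciphers from Microsoft's Schannel documentation (the post gives only the parent key) and writes 0x0 as the disabled value.

```powershell
# Added example, not from the original post. Run without arguments to audit;
# run elevated with -Disable to write Enabled = 0x0 for each listed cipher.
param([switch]$Disable)

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
# Assumed subkey names (Microsoft Schannel documentation); the post names only
# the parent SCHANNEL key.
$weakCiphers = 'DES 56/56', 'RC4 40/128', 'RC2 40/128'

# The names contain "/", which the PowerShell registry provider treats as a
# path separator, so use the .NET registry API instead of Set-ItemProperty.
$hklm = [Microsoft.Win32.Registry]::LocalMachine
if ($Disable) {
    $ciphers = $hklm.CreateSubKey($ciphersPath)   # writable; created if absent
} else {
    $ciphers = $hklm.OpenSubKey($ciphersPath)     # read-only; $null if absent
}

$report = foreach ($name in $weakCiphers) {
    $key = $null
    if ($ciphers) {
        if ($Disable) {
            $key = $ciphers.CreateSubKey($name)
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        } else {
            $key = $ciphers.OpenSubKey($name)
        }
    }

    $value = $null
    if ($key) { $value = $key.GetValue('Enabled'); $key.Close() }

    # A missing Enabled value means the cipher is enabled by default.
    if ($null -eq $value) {
        $state = 'not configured (enabled by default)'
    } elseif ($value -eq 0) {
        $state = 'disabled'
    } else {
        $state = 'enabled (0x{0:X8})' -f $value
    }
    New-Object PSObject -Property @{ Cipher = $name; State = $state }
}

if ($ciphers) { $ciphers.Close() }
$report | Select-Object Cipher, State | Format-Table -AutoSize
```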
To enable/disable Weak Cipher Suites in Windows Server 2008:
This will be completed later.