This script checks whether insecure protocols and ciphers are still enabled: SSL 2.0 / SSL 3.0 / TLS 1.0 / TLS 1.1 / RC4.
Known insecure protocols and ciphers should be disabled, but keep in mind that some applications other than web browsers may still rely on older protocols such as TLS 1.0.
Guide to disable insecure cipher protocols: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs
More information and recommendations on insecure cipher protocols: https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening
STIG IIS: https://www.stigviewer.com/stig/iis_8.5_server/2019-10-01/
We created a PowerShell script to automatically disable all insecure ciphers. It can be found in our GitHub repository: https://github.com/eventsentry/scripts/blob/main/disable_insecure_ciphers.ps1
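
The check described above can be reproduced by hand with a read-only audit of the Schannel registry settings. The following is an added example, not EventSentry's script; it assumes the standard Schannel `Protocols` and `Ciphers` registry layout, and the function name `Get-SchannelState` is made up for illustration.

```powershell
# Added example: read-only audit of Schannel settings for the items this page lists.
# Run in an elevated PowerShell session on the server being checked.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'
# RC4 subkey names contain '/', which the PowerShell registry provider treats as a
# path separator, so the keys are opened through the .NET registry API instead.
$rc4 = 'RC4 128/128', 'RC4 64/128', 'RC4 56/128', 'RC4 40/128'

# Hypothetical helper: returns Disabled, Enabled or NotConfigured for one subkey.
function Get-SchannelState {
    param([string]$SubKey)
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    # A missing key or missing 'Enabled' value means the OS default applies.
    # That default differs between Windows versions, so report it, do not guess.
    if ($null -eq $key) { return 'NotConfigured' }
    try { $enabled = $key.GetValue('Enabled') } finally { $key.Close() }
    if ($null -eq $enabled) { return 'NotConfigured' }
    if ($enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$results = @(
    foreach ($p in $protocols) {
        foreach ($role in 'Server', 'Client') {
            [pscustomobject]@{
                Item  = "$p ($role)"
                State = Get-SchannelState -SubKey "Protocols\$p\$role"
            }
        }
    }
    foreach ($c in $rc4) {
        [pscustomobject]@{
            Item  = $c
            State = Get-SchannelState -SubKey "Ciphers\$c"
        }
    }
)

$results | Format-Table -AutoSize

# Anything not explicitly disabled needs review before the host is considered hardened.
$needsReview = $results | Where-Object State -ne 'Disabled'
if ($needsReview) { Write-Warning "$(@($needsReview).Count) item(s) not explicitly disabled" }
```

A `NotConfigured` result is not a pass: on older Windows versions the OS default leaves some of these protocols enabled, so only an explicit `Disabled` confirms the setting.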