Since the wiki site is barfing tonight… I’m trying to add this to the PCI DSS document on the wiki and it will also be in the SMB Kitchen doc on PCI DSS

Server flagged as failing IIS BEAST vulnerability

Solution courtesy of Bob Groger on the SBS2k listserve:
Client used Trustwave for their PCI DSS scans and they kept failing for BEAST vulnerability. I did all the registry edits, rearranged cipher orders, rescanned for hours. It either failed, or RWW didn’t work. Finally I found the tool at
https://www.nartac.com/Products/IISCrypto/Default.aspx and followed the instructions at http://www.amixa.com/blog/2012/12/22/how-to-get-iis-7-5-web-server-to-pass-the-beast-pci-vulnerability-compliance-scans/

 
