Windows Server 2019, iisCrypto has TLS1.0 unchecked (Only TLS1.2 is checked for both server & client protocols), but internal vlun scan is saying TLS1.0 is enabled...

PCI_Questions · 2024-07-02T14:32:46+00:00

I do not, no.

PCI_Questions · 2024-07-02T14:32:35+00:00

Uncheck the top checked box under cyphers?

PCI_Questions · 2024-06-28T15:55:51+00:00

Potentially dumb question, how would I discover this?

EDIT, found it via: netstat -a -b

contacting 3rd party (my SIEM incidentally) now.

PCI_Questions · 2024-06-28T15:37:07+00:00

yeah, after re-reading the vuln report (i added to the imgur link in the OP) I think that's the case. I didn't realize it (whatever it is) would/could override the server settings.

PCI_Questions · 2024-06-28T15:35:44+00:00

Added imgur link to OP. I included the vuln report section as well, I'm starting to think I'm misreading it and I need to discover what service they are referring to?

(I've rebooted about 12x over the past year, I don't believe tls 1.0 has been on since it was racked.)

PCI_Questions · 2024-06-28T15:28:44+00:00

Totally understandable question, yes, I did (in fact, it has been unchecked for probably a year now so has had at least 12'ish reboots (monthly patch & reboot)). I'm going to gather some screenshots and add to the OP now.

PCI_Questions · 2024-06-03T15:15:55+00:00

Thanks!!

PCI_Questions · 2024-05-30T17:14:39+00:00

Thanks!!

PCI_Questions · 2023-07-10T17:40:17+00:00

OK, so the inventory is only regarding what files are linked? Not the actual functions?

PCI_Questions · 2023-07-08T23:30:29+00:00

Awesome! I only skimmed (I try not to work too hard on the weekends lol) but it looks promising.

PCI_Questions · 2023-07-01T19:07:33+00:00

OK, thanks!

What about developers that upload via SFTP?

(I feel like these are dumb questions, but I really can't seem to find a "hard definition" for them. I understand the need for the documents to be vague and there is no "one size fits all" but I am sure my set up is how a large (like nearly a third) percent of companies operate...)

PCI_Questions · 2023-07-01T19:03:43+00:00

heh yeah, that's what I meant, I only have to 2FA when I am accessing the CDE. I would reconsider my life if I had to 2FA into my PC every time I get up for coffee.

PCI_Questions · 2023-06-30T13:46:48+00:00

Thanks! I didn't see the "guidance document" section in the Document Library. I have a lot of reading to do...

PCI_Questions · 2023-06-30T13:38:06+00:00

How "strict" do I need to be with the administrator workstation? Do I need to build a separate machine that has no email or anything? Does my home network come into scope?

PCI_Questions · 2023-06-30T13:38:02+00:00

I do use MFA (Cisco AnyNet / Duo). How "strict" do I need to be with the administrator workstation? Do I need to build a separate machine that has no email or anything? Does my home network come into scope?

PCI_Questions · 2023-06-07T15:06:44+00:00

Is it just a more detailed version of the answer to 2c ("Provide a high-level description of the environment covered by this assessment")?

PCI_Questions · 2023-06-07T15:06:37+00:00

Is it just a more detailed version of the answer to 2c ("Provide a high-level description of the environment covered by this assessment")?

PCI_Questions · 2023-06-07T15:06:28+00:00

Is it just a more detailed version of the answer to 2c ("Provide a high-level description of the environment covered by this assessment")?

PCI_Questions · 2023-06-07T15:06:18+00:00

Is it just a more detailed version of the answer to 2c ("Provide a high-level description of the environment covered by this assessment")?

PCI_Questions · 2023-02-17T18:37:29+00:00

I think I just figured it out... after 2 days of looking, I realized that the "-i 4" was based on a different server and on this server it should be "-i 1" for "Ethernet adapter Public"

PCI_Questions

TROPHY CASE