Skip to content
This repository has been archived by the owner on May 24, 2023. It is now read-only.

sec01

Jump to bottom
My-Random-Thoughts edited this page Oct 28, 2017 · 1 revision

sec-01-schannel-p1-ciphers (Enabled)

Ensure security ciphers are set correctly. Settings taken from https://www.nartac.com/Products/IISCrypto/Default.aspx using "Best Practices/FIPS 140-2" settings.

Input Values

  • DisabledCiphers - "LIST" - Ciphers that should be disabled
  • EnabledCiphers - "LIST" - Ciphers that should be enabled

Example

DisabledCiphers = ('DES 56/56', 'NULL', 'RC2 128/128', 'RC2 40/128', 'RC2 56/128', 'RC2 56/56', 'RC4 128/128', 'RC4 40/128', 'RC4 56/128', 'RC4 64/128')
EnabledCiphers = ('AES 128/128', 'AES 256/256', 'Triple DES 168/168')

Input Descriptions

  • None

Result And Messages

  • PASS
    All ciphers set correctly

  • WARNING

  • FAIL
    One or more ciphers set incorrectly

  • MANUAL

  • NA

Applies To

  • All Servers

Required Functions

  • None
Home | Quick Start ||| Accounts | Drives | HyperV-Host | Network | Regional | Security | SQL | System | Tooling | Virtual

Helpful Links

Check Sections

Clone this wiki locally