Jump to content
jmwills

DROWN Attack

Recommended Posts

jmwills

I just happened to stumble across this over on Susan Bradley's site where she mentions the DROWN attack.  I have not been keeping up with security as much as I should have so I tried my URL against the scanning tool provide, and thankfully I was okay, but there are hundreds of homeservers out there with this potential vulnerability.

 

Are you one of them?

 

https://test.drownattack.com/

 

She also mentions several other scanning tools within the blog.

 

 

Share this post


Link to post
Share on other sites
Jason

Do you all recommend launching the IISCrypto app and just applying Best Practices to a WSE12R2 server box?

Share this post


Link to post
Share on other sites
Drashna Jaelre

Do you all recommend launching the IISCrypto app and just applying Best Practices to a WSE12R2 server box?

 

Are you using the remote desktop stuff? 

 

If not, then yes, definitely. 

Share this post


Link to post
Share on other sites
Jason

Yes, I RDP into my server using Remote Desktop Gateway feature OFTEN.

Share this post


Link to post
Share on other sites
Drashna Jaelre

Yes, I RDP into my server using Remote Desktop Gateway feature OFTEN.

Are any of the clients you're RDPing to/from using Windows 7 or older? 

 

If so, then that's an issue. Otherwise, you're good to go. 

 

But do check this out:

https://windowsserveressentials.com/2015/12/14/sbs-2011-standard-disable-tls-1-0/

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now




×