While doing some end-of-the-year vulnerability scans, we were getting some web servers coming back with some potential security threats, all too common in the IT world. Looking for a faster method to patch up these holes, I came across a very neat little tool called IIS Crypto, made by the good people at Nartac Software. Their explanation of the tool:
“IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click and test your website.”
All of that in one tool? No registry edits? No dealing with .dll files? Genius. Pure genius.
We use Greenbone Security Assistant to run vulnerability scans. You can see for one of the issues that there are weak ciphers accessible on port 443.
Simply using best practices, this little tool disabled all of them. An “apply” and a reboot and we were golden.
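To confirm after the reboot what actually changed, the SCHANNEL registry settings can be read back directly. The script below is an added example, not part of the original post or of Nartac's tool; it assumes the standard SCHANNEL registry location, and the protocol and cipher names listed are an illustrative selection rather than the tool's exact template.

```powershell
# Added example: read-only audit of SCHANNEL settings on the local server.
# Assumption: standard SCHANNEL registry location; the name lists are illustrative.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$ciphers   = 'NULL', 'DES 56/56', 'RC2 40/128', 'RC2 56/128', 'RC2 128/128',
             'RC4 40/128', 'RC4 56/128', 'RC4 64/128', 'RC4 128/128', 'Triple DES 168'

function Get-SchannelState {
    param([string]$SubKey)
    # Cipher key names contain "/", which the PowerShell registry provider
    # treats as a path separator, so the key is opened through the .NET API.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return 'not set (OS default applies)' }
    try {
        $value = $key.GetValue('Enabled')
        if ($null -eq $value) { return 'not set (OS default applies)' }
        if ($value -eq 0)     { return 'disabled' }
        return 'enabled'
    }
    finally {
        $key.Close()
    }
}

$report = @()
foreach ($p in $protocols) {
    # Server-side protocol settings are what matter for an IIS listener on 443.
    $report += [pscustomobject]@{
        Type  = 'Protocol (Server)'
        Name  = $p
        State = Get-SchannelState "Protocols\$p\Server"
    }
}
foreach ($c in $ciphers) {
    $report += [pscustomobject]@{
        Type  = 'Cipher'
        Name  = $c
        State = Get-SchannelState "Ciphers\$c"
    }
}

$report | Format-Table -AutoSize
```

An entry reported as "not set" means no explicit value exists and the operating system default is in effect, so a rescan of port 443 remains the authoritative check.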
There are good people in the world. These people make little apps like these.