A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

How do I disable 3DES?



 
 
Thread Tools Rate Thread Display Modes
  #16  
Old February 6th 17, 10:48 PM posted to alt.windows7.general
T
external usenet poster
 
Posts: 4,600
Default How do I disable 3DES?

On 02/04/2017 03:40 PM, Java Jive wrote:
That may be so, but it's a security hole nonetheless.


Ping me if you want my notes on how to harden it.

And by the way, a bazillions times more secure
than a web browser.
Ads
  #17  
Old February 7th 17, 11:43 PM posted to alt.windows7.general
T
external usenet poster
 
Posts: 4,600
Default How do I disable 3DES?

On 02/01/2017 01:01 AM, T wrote:

https://www.nartac.com/Products/IISCrypto

https://www.nartac.com/Blog/post/201...-updated1.aspx


nartac doesn't run on W7. It is a server only product.


I take that back. IISCrypto does operate on W7, even though their web
site says it only works on server products.

With it you can easily disable protocols, including 3DES. But..
disabling 3DES kill Remote Desktop (or I haven't figured a way
around it yet).

-T

  #18  
Old February 11th 17, 04:19 AM posted to alt.windows7.general
T
external usenet poster
 
Posts: 4,600
Default How do I disable 3DES?

On 01/30/2017 10:29 PM, T wrote:
How do I disable 3DES on w7-pro?


Got is figured out. This breaks rdesktop-1.8.3 but works with
mstsc.exe, so ...

Here are my notes:


How to disable 3DES (Sugar32 exploit) in Windows 7 (possibly other
versions):


1) Registry:

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SecurityProviders\SCHANNEL\Ciphers\Triple
DES 168]
"Enabled"=dword:00000000

Note: most easily done with IISCrypto.exe:
https://www.nartac.com/Products/IISCrypto/Download


2) gpedit.msc

-- Computer Configuration
-- Policies
-- Administrative Templates
-- Windows Components
-- Remote Desktop Services
-- Remote Desktop Session Host
-- Security

Specific security layer for remote (rdp) connections
set to "enabled"
set "Security Layer" to "RDP"

Require secure RCP commications
set to "enabled"

3) reboot: shutdown /r /f /t 00




How to test for 3DES (Sugar32):
nmap -p xxxx -Pn --script +ssl-enum-ciphers aaa.bbb.ccc.ddd
--script ssl-cert




 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 03:34 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.