question

LakshmiNarayanan-5070 avatar image
0 Votes"
LakshmiNarayanan-5070 asked LakshmiNarayanan-5070 commented

Windows web servers should be configured to use secure communication protocols

HI,

I have one Windows 2016 prod server on Azure Cloud. As per Advisor services, its recommend to clear this High Severity - Windows web servers should be configured to use secure communication protocols.

I have configured all the things which Azure were mentioned in remediation steps.

To ensure your windows web server is using secure communication protocol:

  1. Enable TLS on your machine. For Windows Server 2008 R2, Windows Server 2012, or Windows 7, install the update at https://support.microsoft.com/help/3140245. For Windows 2012 R2 Server or later, no updates are necessary as TLS

  2. 2 is enabled by default.

  3. Update the Windows and WinHTTP registry keys (or verify that they're correct) according to the information here: https://docs.microsoft.com/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#bkmk_winhttp.

  4. Ensure you're running .NET

  5. or later and that the necessary .NET registry keys are set according to the information here: https://docs.microsoft.com/mem/configmgr/core/plan-design/security/enable-tls-1-2-client#bkmk_net

After i configured above steps, this High severity disappeared. But its again appearing since one week. Where i'm wrong? Can i exempt this severity? Can any one please advice on this?

azure-virtual-machinesazure-cloud-services
· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Use PowerShell DSC to lock down settings, and then such issues should go away, https://docs.microsoft.com/en-us/powershell/scripting/dsc/overview/overview?view=powershell-7.1

0 Votes 0 ·

Can you please share the powershell code to lock down settings in Azure VM?

0 Votes 0 ·

Thanks,
I just followed below link and execute the powershell commands. Is this correct or not?

https://docs.microsoft.com/en-us/powershell/scripting/dsc/getting-started/wingettingstarted?view=powershell-7.1

0 Votes 0 ·

0 Answers