Tip of the Day #14: A Step to PCI Compliance
6 September, 2009
If you have a public-facing website that accepts credit card payments from customers then you'll be looking to become PCI compliant. This means you need to improve the security of your website to prevent attack and to prevent data being intercepted by third parties.
SSL 2.0 is now seen as weak and insecure, yet IIS will by default accept connections from older browsers that want to use it. It can be turned off, but it isn't obvious how to do that. Here's how to turn off SSL 2.0 on IIS, or Microsoft Support has a reference on How to disable PCT 1.0, SSL 2.0, SSL 3.0 or TLS 1.0 in IIS (Internet Information Services).
While many PCI auditing companies will tell you if you are using SSL 2.0 or any other weak techniques, the quick test to ensure the server is not serving pages over SSL 2.0 is to change the Advanced Options in Internet Explorer so that SSL 2.0 is the only protocol enabled.
After that I went to a secure page on the site and got the following error message:
Internet Explorer cannot display the webpage
Most likely causes:
- You are not connected to the Internet.
- The website is encountering problems.
- There might be a typing error in the address.
What you can try:
Diagnose Connection Problems
This problem can be caused by a variety of issues, including:
- Internet connectivity has been lost.
- The website is temporarily unavailable.
- The Domain Name Server (DNS) is not reachable.
- The Domain Name Server (DNS) does not have a listing for the website’s domain.
- If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
For offline users
You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds
- Click the Favorites Center button, click Feeds, and then click the feed you want to view.
To view recently visited webpages (might not work on all pages)
- Click Tools, and then click Work Offline.
- Click the Favorites Center button, click History, and then click the page you want to view.
To ensure the site was working normally, I reset the settings to support only SSL 3.0 and TLS 1.0 and tried again.
This time I got the page I was expecting.
Note: You cannot use Firefox to perform this quick test as it does not support SSL 2.0.
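For anyone who would rather not reconfigure a browser (or who only has Firefox to hand), here is a scripted form of the same quick test. This is an added example, not code from the original post or from Microsoft: it sends a bare SSL 2.0 CLIENT-HELLO to the server and reports whether the reply is an SSL 2.0 SERVER-HELLO (the server still accepts SSL 2.0), a TLS alert, or a closed connection (what you want to see after SSL 2.0 has been turned off). The message layout and the cipher-kind identifiers come from the SSL 2.0 specification; the host and port are assumed to be given on the command line; and the SERVER-HELLO used in the self-check is constructed, with a placeholder in place of a certificate.

```python
"""Scripted SSL 2.0 quick test: does this server still answer an SSL 2.0 CLIENT-HELLO?

Added example. A server with SSL 2.0 disabled either closes the connection or
answers with a TLS alert; a server that still speaks SSL 2.0 replies with an
SSL 2.0 SERVER-HELLO listing the cipher kinds it is prepared to use.
"""
import os
import socket
import struct

# SSL 2.0 cipher-kind identifiers, 3 bytes each (from the SSL 2.0 specification).
SSLV2_CIPHER_KINDS = [
    0x010080,  # SSL_CK_RC4_128_WITH_MD5
    0x020080,  # SSL_CK_RC4_128_EXPORT40_WITH_MD5
    0x030080,  # SSL_CK_RC2_128_CBC_WITH_MD5
    0x040080,  # SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5
    0x050080,  # SSL_CK_IDEA_128_CBC_WITH_MD5
    0x060040,  # SSL_CK_DES_64_CBC_WITH_MD5
    0x0700C0,  # SSL_CK_DES_192_EDE3_CBC_WITH_MD5
]

MSG_CLIENT_HELLO = 0x01
MSG_SERVER_HELLO = 0x04
TLS_ALERT_RECORD = 0x15  # first byte of a TLS alert record


def build_client_hello(challenge=None):
    """Return a complete SSL 2.0 record carrying a CLIENT-HELLO for version 0x0002."""
    challenge = challenge if challenge is not None else os.urandom(16)
    ciphers = b"".join(struct.pack(">I", kind)[1:] for kind in SSLV2_CIPHER_KINDS)
    # msg type, version, cipher-specs length, session-id length, challenge length
    body = struct.pack(">BHHHH", MSG_CLIENT_HELLO, 0x0002,
                       len(ciphers), 0, len(challenge)) + ciphers + challenge
    # Two-byte SSL 2.0 record header: high bit set, 15-bit length, no padding.
    return struct.pack(">H", 0x8000 | len(body)) + body


def _record_header_len(data):
    """SSL 2.0 records use a 2-byte header when the high bit is set, else 3 bytes."""
    return 2 if data[0] & 0x80 else 3


def classify_response(data):
    """Classify the first bytes the server sent back after the CLIENT-HELLO."""
    if not data:
        return "closed"
    if data[0] == TLS_ALERT_RECORD:
        return "tls-alert"
    hdr = _record_header_len(data)
    if len(data) > hdr and data[hdr] == MSG_SERVER_HELLO:
        return "sslv2-server-hello"
    return "unknown"


def parse_server_hello(data):
    """Return (version, [cipher kinds]) from an SSL 2.0 SERVER-HELLO, or None if it is not one."""
    if len(data) < 3:
        return None
    msg = data[_record_header_len(data):]
    # msg type, session-id hit, certificate type, version, cert len, cipher-specs len, conn-id len
    if len(msg) < 11 or msg[0] != MSG_SERVER_HELLO:
        return None
    version, cert_len, ciphers_len, _conn_len = struct.unpack(">HHHH", msg[3:11])
    ciphers = msg[11 + cert_len:11 + cert_len + ciphers_len]
    if len(ciphers) < ciphers_len:
        return None  # truncated read; caller may recv more and retry
    kinds = [int.from_bytes(ciphers[i:i + 3], "big") for i in range(0, ciphers_len, 3)]
    return version, kinds


def probe(host, port=443, timeout=5.0):
    """Connect, send a CLIENT-HELLO and classify the reply ('closed' also covers a reset)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_client_hello())
            data = sock.recv(4096)
    except (ConnectionResetError, socket.timeout):
        return "closed"
    return classify_response(data)


def constructed_server_hello():
    """A constructed SSL 2.0 SERVER-HELLO for self-checking; the certificate is a placeholder."""
    cert = b"\x30\x03\x02\x01\x00"            # placeholder bytes, not a real certificate
    ciphers = b"\x01\x00\x80\x07\x00\xc0"     # RC4_128_WITH_MD5, DES_192_EDE3_CBC_WITH_MD5
    conn_id = b"\x00" * 16
    body = struct.pack(">BBBHHHH", MSG_SERVER_HELLO, 0, 1, 0x0002,
                       len(cert), len(ciphers), len(conn_id)) + cert + ciphers + conn_id
    return struct.pack(">H", 0x8000 | len(body)) + body


if __name__ == "__main__":
    import sys
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(target, target_port))
```

Run it against the site before and after applying the change from the linked Microsoft article: "sslv2-server-hello" means SSL 2.0 is still being served, while "closed" or "tls-alert" is the result a PCI scan should also see. Test from outside any load balancer or SSL accelerator that terminates the connection before it reaches IIS, since that is the endpoint the auditor will be talking to.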