Please help advise how to close VA-PT on public IPs & need to understand impact and solution to close

Question

Hi Team,

We have a standalone SCCM IBCM server.

Server 2rk | SCCM 1906

on public IPs. PT – please help to advise a solution to close the VA, and the impact, if anything changes, on SCCM functionality.

8531: HSTS Missing From HTTPS Server
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
Dinesh Gore 1 month 4 Answers 56 views Beginner 0

Answers ( 4 )

  1. Normally after a pen test they only provide the solution to fix it. Didn’t they?

    We just need to check whether all those fixes create some issues with SCCM functionality or not …

    • Hello sir / Everyone,

      Need your urgent help on this.

      As I mentioned, the issue is regarding the PT on SCCM public IPs, where the below PT findings are present on these ports:

      Port    Name
      443     HSTS Missing From HTTPS Server
      8531    HSTS Missing From HTTPS Server

      Currently OS version 2012 R2 and IIS version 8.5 are running. To fix the PT, the below solution was applied. After the solution, the VA closed.

      But there is an issue with SCCM communication: MP not working – client communication stopped. We need your help regarding this: is there any MS article which mentions HSTS not being compatible with an SCCM IBCM server, or any other, which we can provide to the security team to close the VA/PT based on the articles?

      Configure HTTP headers per website using IIS Manager

      Open the Internet Information Services (IIS) Manager via Start → Administrative Tools → IIS Manager.

      1. Click on HTTP Response Headers.
      2. Click on Add… in the Actions panel.
      3. Enter the following values in the Add Custom HTTP Response Headers dialog box:
         Name: Strict-Transport-Security
         Value: max-age=31536000
      4. Close the IIS Manager after confirmation.
      5. Restart the website/IIS.

      Redirecting visitors to the HTTPS URL (if port 80 is used with HTTP)

      Open the Internet Information Services (IIS) Manager via Start → Administrative Tools → IIS Manager.

      1. Click on HTTP Redirect.
      2. Check the Redirect box and enter the target URL (HTTPS). Set the status to permanent redirect (301).
      3. Restart IIS/website.
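
Added example, not part of the thread: an offline check of what the scanner finding measures, run against captured response heads for the listeners on 443, 8531 and 80 after a change like the one above. The parsing follows RFC 6797; the sample responses, the host name `sccm.example.test` and the result labels are constructed for illustration.

```python
# Added example: offline check of the Strict-Transport-Security header (RFC 6797).
# The responses below are constructed samples, not output from a real server.
import re

def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool} or None if invalid."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        if name in seen:                 # a directive may appear only once
            return None
        seen[name] = arg.strip().strip('"')
    if not re.fullmatch(r"\d+", seen.get("max-age", "")):
        return None                      # max-age is required and numeric
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def audit(raw_response, scheme):
    """Classify one raw HTTP response head (result labels are this example's own)."""
    lines = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")[1:]
    values = [l.split(":", 1)[1].strip() for l in lines
              if l.lower().startswith("strict-transport-security:")]
    if not values:
        return "missing"
    if scheme != "https":
        return "ignored-over-http"       # browsers only honour HSTS over TLS
    policy = parse_hsts(values[0])       # only the first header field is processed
    if policy is None:
        return "invalid"
    return "ok" if policy["max_age"] > 0 else "disabled"  # max-age=0 clears HSTS

SAMPLES = {  # constructed: (port, scheme) -> response head
    (443, "https"): "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n",
    (8531, "https"): "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/8.5\r\n\r\n",
    (80, "http"): "HTTP/1.1 301 Moved Permanently\r\nLocation: https://sccm.example.test/\r\n"
                  "Strict-Transport-Security: max-age=31536000\r\n\r\n",
}

def run_audit():
    return {port: audit(head, scheme) for (port, scheme), head in SAMPLES.items()}

if __name__ == "__main__":
    for port, result in sorted(run_audit().items()):
        print(port, result)
```

In the constructed data the header is present on 443 but not on 8531, so a per-website change in IIS has to be confirmed on every site the scan reported.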
