Please help advise on closing VA/PT on public IPs; need to understand the impact and the solution for closure
Question
Hi Team,
We have a standalone SCCM IBCM server.
Server 2rk | SCCM 1906
It is on public IPs. PT: please help advise on the solution to close the VA, and the impact on SCCM functionality if anything changes.
8531 | HSTS Missing From HTTPS Server | The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS) | The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. |
Answers ( 5 )
Did you get a solution for this? I will close the thread for now.
Normally, after a PEN test, they only provide the solution to fix it. Didn't they?
We just need to check whether all those fixes create some issues with SCCM functionality or not…
Hello sir / everyone,
I need your urgent help on this.
As I mentioned, the issue is regarding the PT on the SCCM public IPs, where the PT findings below are present on these ports:
Port | Name
443 | HSTS Missing From HTTPS Server
8531 | HSTS Missing From HTTPS Server
Currently OS version 2012 R2 and IIS version 8.5 are running. To fix the PT findings, the solution below was applied. After the solution, the VA was closed.
But there is an issue with SCCM communication: the MP is not working and client communication stopped. We need your help with this: is there any MS article that mentions HSTS not being compatible with an SCCM IBCM server, or anything else that we can provide to the security team to close the VA/PT based on articles?
Configure HTTP headers per website using IIS manager
Open the Internet Information Services (IIS) Manager via Start → Administrative Tools → IIS Manager.
1. Click on HTTP Response Headers.
2. Click on Add… in the Actions panel.
3. Enter the following values in the Add Custom HTTP Response Headers dialog box:
4. Name: Strict-Transport-Security
5. Value: max-age=31536000
6. Close the IIS Manager after confirmation.
7. Restart the WebSite/IIS
Redirecting visitors to the HTTPS URL (If port 80 is used with HTTP)
Open the Internet Information Services (IIS) Manager via Start → Administrative Tools → IIS Manager.
1. Click on HTTP Redirect.
2. Check the Redirect box and enter the target URL (HTTPS). Set the status to permanent redirect (301)
3. Restart IIS/Website
–
What is VA PT?
Vulnerability Assessment and Penetration Audit & Testing (VAPT)
On the server we got PT.
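To confirm what the header added in the IIS steps above looks like to a client, the following added example (not code from this thread or from Microsoft) evaluates a response head the way RFC 6797 tells a browser to. The sample responses for ports 443 and 8531 are constructed, the function names are hypothetical, and a scanner's own pass/fail logic may differ.

```python
import re

# Constructed sample response heads (not captured from any real server) for
# the two ports named in the finding.
SAMPLES = {
    "443-before": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/8.5\r\n\r\n",
    "443-after": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n",
    "8531-after": "HTTP/1.1 200 OK\r\nstrict-transport-security: "
                  "max-age=\"31536000\"; includeSubDomains\r\n\r\n",
    "8531-bad": "HTTP/1.1 200 OK\r\nStrict-Transport-Security: includeSubDomains\r\n\r\n",
}

def parse_hsts(value):
    """Parse one Strict-Transport-Security value (RFC 6797 section 6.1).
    Returns a dict of directives, or None if the header must be ignored."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue                      # empty directives are allowed
        name, _, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # value may be a quoted-string
        if name in directives:
            return None                   # a repeated directive invalidates the header
        directives[name] = val
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        return None                       # max-age is required and must be digits
    return directives

def check_response(raw, over_tls=True):
    """Return (status, max_age) for a raw HTTP response head."""
    if not over_tls:
        return ("ignored-over-http", None)  # HSTS on plain HTTP is ignored
    for line in raw.split("\r\n")[1:]:
        if not line:
            break                         # end of headers
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            parsed = parse_hsts(value)    # only the first STS field is processed
            if parsed is None:
                return ("invalid", None)
            age = int(parsed["max-age"])
            return ("disabled" if age == 0 else "enforced", age)
    return ("missing", None)

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_response(raw))
```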