<Healthcare Network> Server Vulnerability Remediation 7-31
Birthday Attacks
X.X.X.15, X.X.X.67
- Previously solved this issue with registry edits and edits of the NSClient.ini file
- Saved registry protocols had been wiped from VDI
- Found server that had the multiple SSL/TLS vulnerabilities remediated previously
- Exported the security protocols and moved to X.X.X.15
- Imported security protocols registry keys
- Checked the NSClient.ini file and found that it also did not have the necessary edits
- Attempted to edit and save the file; however, it would not allow the original .ini file to be replaced from within the NSClient program folder, despite having Admin privileges
- Copied the .ini file into Documents, made necessary edits (change WEBServer and NSCAclient to 0), and then copied back into NSClient program folder to replace the original.
- Rebooted server, checking with ping command
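The copy, edit and replace sequence from the NSClient.ini steps above, as an added PowerShell example (not part of the original notes and not NSClient++ project code). It assumes the two switches live in the `[/modules]` section of the file and that the session is elevated; the function name and the sample file are constructed for illustration.

```powershell
# Added example, not from the original notes. Assumption: the module switches
# live in the [/modules] section of nsclient.ini. Run from an elevated session.
function Set-NscpModuleOff {
    param(
        [Parameter(Mandatory)][string]$IniPath,
        [string[]]$Modules = @('WEBServer', 'NSCAClient')
    )
    $seen = @(); $inModules = $false; $sawSection = $false
    # Emits "<name> = 0" for every requested switch not found in the section
    $missing = { $Modules | Where-Object { $seen -notcontains $_ } | ForEach-Object { "$_ = 0" } }
    $out = @(foreach ($line in Get-Content -LiteralPath $IniPath) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $section = $Matches[1]
            if ($inModules) { & $missing }          # leaving [/modules]: add absent switches
            $inModules = ($section -eq '/modules')
            if ($inModules) { $sawSection = $true }
            $line
        }
        elseif ($inModules -and $line -match '^\s*([^;=\s]+)\s*=' -and $Modules -contains $Matches[1]) {
            $seen += $Matches[1]
            "$($Matches[1]) = 0"                    # force the switch off
        }
        else { $line }                              # other sections and comments untouched
    })
    if ($inModules) { $out += @(& $missing) }       # [/modules] was the last section
    elseif (-not $sawSection) { $out += '[/modules]'; $out += @(& $missing) }

    # Edit outside the program folder, keep a backup, then replace the original
    $work = Join-Path ([IO.Path]::GetTempPath()) ("nsclient-{0}.ini" -f [guid]::NewGuid())
    Set-Content -LiteralPath $work -Value $out
    Copy-Item -LiteralPath $IniPath -Destination "$IniPath.bak" -Force
    Copy-Item -LiteralPath $work -Destination $IniPath -Force
    Remove-Item -LiteralPath $work
    # Return the switch lines now on disk so the change can be confirmed
    Get-Content -LiteralPath $IniPath | Where-Object { $_ -match "^\s*($($Modules -join '|'))\s*=" }
}

# Constructed sample file so the function can be tried away from a live server
$sample = Join-Path ([IO.Path]::GetTempPath()) 'nsclient-sample.ini'
@'
[/modules]
CheckSystem = 1
WEBServer = 1

[/settings/default]
allowed hosts = 127.0.0.1
'@ | Set-Content -LiteralPath $sample
Set-NscpModuleOff -IniPath $sample
```

On a server, pass the path of the .ini file in the NSClient program folder as `-IniPath`; the original is kept beside it with a `.bak` suffix.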
Multiple Python Vulnerabilities
X.X.X.128
- Initial research suggests that the installed Python on the server is outdated 3.8, and an update to 3.9 would resolve these vulnerabilities
- However, Python does not offer backwards compatibility and updating the package could result in compatibility issues or complications
- After escalating the issue, the agreed-upon response was to wait on these vulnerabilities until the <Python Reliant> application is upgraded to see if that resolves the issue
Windows Updates
X.X.X.121, X.X.X.122, X.X.X.143, X.X.X.169, X.X.X.120, X.X.X.135, X.X.X.174, X.X.X.89
- Connected to server through vSphere
- Checked for updates manually using Windows Update, through either control panel or settings depending on the OS
- Downloaded and installed updates
- Restarted server
X.X.X.148, X.X.X.89, X.X.X.176, X.X.X.136
- Connected to server through vSphere
- Checked for updates manually using Windows Update, through either control panel or settings depending on the OS
- Downloaded and installed updates
- Did not have permission to reboot this server, so the updates have not been fully installed yet
Microsoft Internet Explorer Security Update for May 2021
X.X.X.114
- It was agreed among the security team that Internet Explorer should be removed from the server rather than updated
- Received approval from management that Internet Explorer is not required for this server
- Attempted to disable through Control Panel -> Programs and Features -> “Turn Windows features on or off”
- Option was not available for Internet Explorer
- Used PowerShell as Admin to disable Internet Explorer through the command line instead
- Ran the command dism /online /Disable-Feature /FeatureName:Internet-Explorer-Optional-amd64
- Restart is required
Remote Management Service Accepting Unencrypted Credentials Detected (FTP)
X.X.X.143
- FTP through port 21 allows unencrypted credentials and data to be passed
- For remediation, the service needs to be changed to a more secure protocol, such as SFTP or FTPS
- Change management needs to be completed first, and approval needs to be gained to ensure there is no interruption of service