In a recent post, we discussed what the POODLE attack is and how to disable SSLv3 in the Amazon AWS ELB and CloudFront services. In this article, we will see how to fix POODLE on Windows Server 2012 R2. POODLE is a vulnerability specific to SSLv3.0, so to mitigate the attack we need to disable SSLv3.0 completely.
In Windows Server 2012 R2, the SSL/TLS protocols are controlled by flags in the registry, so disabling SSLv3 means editing the registry. Administrator privileges are required to make this change.
Before disabling SSLv3 on any device, verify whether the hosted domain/host is actually vulnerable to POODLE.
[Screenshots: vulnerable domain; non-vulnerable domain]
If your domain/URL is shown as vulnerable, the following steps will disable SSLv3 and fix the vulnerability:
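One way to script the registry change described above, as an added example rather than the article's original steps: it backs up the Schannel key, then sets the documented SSL 3.0 flags for both the server and client roles and reads them back. The function names and the backup file location are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not the original article's steps.
# Schannel reads per-protocol flags from subkeys of this registry path.
$Schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$Ssl3     = Join-Path $Schannel 'Protocols\SSL 3.0'
# Assumption: backup location chosen for this example.
$Backup   = Join-Path $env:TEMP 'schannel-before-ssl3-disable.reg'

function Disable-Ssl3 {
    param([ValidateSet('Server', 'Client')][string]$Role)
    $key = Join-Path $Ssl3 $Role
    # -Force creates the key (and any missing parent keys) if it does not exist yet.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Enabled = 0 switches the protocol off for this role.
    New-ItemProperty -Path $key -Name 'Enabled' -Value 0 -PropertyType DWord -Force | Out-Null
    # DisabledByDefault = 1 keeps it off for callers that do not request a protocol explicitly.
    New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -PropertyType DWord -Force | Out-Null
}

function Test-Ssl3Disabled {
    param([ValidateSet('Server', 'Client')][string]$Role)
    $p = Get-ItemProperty -Path (Join-Path $Ssl3 $Role) -ErrorAction SilentlyContinue
    # A missing key or value means the OS default applies, so report "not disabled".
    return ($null -ne $p) -and ($p.Enabled -eq 0) -and ($p.DisabledByDefault -eq 1)
}

# Export the current Schannel settings so the change can be rolled back.
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL' $Backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes made.' }

foreach ($role in 'Server', 'Client') {
    Disable-Ssl3 -Role $role
    if (-not (Test-Ssl3Disabled -Role $role)) { throw "SSL 3.0 $role flags were not written." }
    Write-Output "SSL 3.0 ($role): Enabled=0, DisabledByDefault=1"
}
Write-Output "Backup saved to $Backup. Restart the server so Schannel picks up the change."
```

Importing the exported `.reg` file restores the previous Schannel settings if a legacy client turns out to depend on SSL 3.0.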
After the restart, verify that your changes have been applied successfully by checking your domain again with the POODLE Scan Test, and you are done!