Gen EDGE

View Only

Suggestions for improving our Web Servers Security - Are they feasible?

Marios Tofarides posted Mar 28, 2024 08:04 AM

Hey everyone,

We've had some suggestions regarding our Gen Web Servers. We are on Gen 8.5 and our Web Servers are Windows Servers 2016.

The suggestions to implement are the following:

Disable support for the SMBv1 protocol and enable support for SMBv2 or SMBv19

Update to Microsoft IIS 10.0

Are these changes compatible with our infrastructure and Gen version? Is it safe to proceed?

Regards,

Marios

Broadcom Employee Attila Fogarasi posted Mar 30, 2024 07:09 PM

IIS 10.0 is a standard component of Windows Server 2016 -- so you must have chosen to backlevel it when 2016 was installed. What else was back-leveled and why? That could be a bigger concern than GEN.

Broadcom Employee Lynn Williams posted Apr 02, 2024 01:30 AM

Hi @Marios Tofarides

From what I can find, although Gen 8.5 was certified with Windows Server 2016, it was only certified for IIS 8.5 before it went End Of Service on June 30, 2021, which is maybe why you are now only moving now to IIS 10.0

There is no official information available for Gen 8.5 compatibility with IIS 10.0. Having said that, continuing to use the same supported .NET Framework version 3.5 SP1 for Gen 8.5 is probably more relevant/important.

Windows SMB is a Network file sharing protocol which as far as I know should not impact your Gen web applications unless you have external code that is somehow using it.

Regards

Lynn

Geoff Stratton posted Apr 02, 2024 07:03 PM

Hi @Marios Tofarides

We are successfully running Gen 7.6 .NET proxies under IIS 10.0 on Windows Server 2022. As @Lynn Williams mentioned you need to configure IIS to use the appropriate .NET framework.

Marios Tofarides posted Apr 04, 2024 02:41 AM

@Attila Fogarasi I'm not aware of the reason. I believe it is because as @Lynn Williams said "it was only certified for IIS 8.5 before it went End Of Service on June 30, 2021"

@Lynn Williams thanks for the information.