Microsoft IIS Server

You may be using Microsoft Internet Information Services (IIS) version 6.0, version 7.0 or even version 8.

There are many questions now arising about Web infrastructure security in relation to the most appropriate Internet Information Services (IIS) version to run in your organization.

Specifically, there exists a lot of confusion regarding which SSL and TLS protocols should be disabled and what the correct order of preference should be. There is even a question about using Microsoft Internet Information Services (IIS) version 6.0 at all!

Many companies need help understanding if they have BEAST (Browser Exploit against SSL/TLS) Vulnerability directly because of the version of Internet Information Services (IIS) they are using.

There is a need to balance the use of newer versions of TLS against the problem of locking out older browsers and users that still rely on them.

Should users configure SSL to prefer RC4 ciphers over block ciphers now that RC4 ciphers are demonstrably broken? What is the SSL Cipher Suite Order best practice?

We have an upgrade path that will get your organization to where it should be and help you make the correct choices for your organization