7.8 Ensure DES Cipher Suites is Disabled

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

DES is a weak symmetric-key cipher. It is recommended that it be disabled.
Rationale:
By disabling DES, there is a better chance of maintaining data confidentiality and integrity.

Solution

Perform the following to disable DES 56/56 cipher:
Set the following key to 0.
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56:Enabled

To disable using PowerShell enter the following command:
(Get-Item 'HKLM:\').OpenSubKey('SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers', $true).CreateSubKey('DES 56/56')

New-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56' -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null

See Also

https://workbench.cisecurity.org/files/2297