Hello,
Our security team is planning to disable RC4 ciphers for our Kerberos tickets on domain controllers. I'm trying to determine what (if anything) I need to do. I've read the following NetApp security advisory:
https://security.netapp.com/advisory/ntap-20150122-0001/
The Workarounds section indicates you can either enable FIPS 140-2 compliance which will automatically disable RC4 cipher support, or simply remove RC4 cipher support and leave everything else the same.
Pages 20 and 21 of the Security Hardening Guide (link below) reference this. The article highly recommends testing, but I don't know what we should test. Does anyone know the potential risks to either action (enabling FIPS or just disabling RC4)? Would I need to do either just because they are turning off RC4 for DC auth? Any direction will be helpful! Thank you.