Differences

This shows you the differences between two versions of the page.

advisories/hardeningfeb2019 [2019_02_13 11:04] – kamran1 edit kamran
advisories/hardeningfeb2019 [2019_02_13 11:05] – kamran edit2 kamran
Line 5: Line 5:
 ===== Introduction ===== ===== Introduction =====
 Although Storage Made Easy takes extensive measures to ensure that the Enterprise File Fabric (EFF) conforms to best practices for information security, from time to time we identify changes that can be made to deployed EFF VMs to further harden them.  This advisory presents our latest hardening recommendations. We strongly recommend that EFF administrators read this advisory carefully and implement the recommended changes as appropriate for their sites. Although Storage Made Easy takes extensive measures to ensure that the Enterprise File Fabric (EFF) conforms to best practices for information security, from time to time we identify changes that can be made to deployed EFF VMs to further harden them.  This advisory presents our latest hardening recommendations. We strongly recommend that EFF administrators read this advisory carefully and implement the recommended changes as appropriate for their sites.
-===== HTTPS Apache HTTPD TLS Settings and Ciphers =====+===== Apache HTTPD TLS Settings and Ciphers =====
  
 TLS versions and cipher recommendations change as new threats are discovered. Some scanning tools will flag the availability of older ciphers and protocol versions in the EFF as minor vulnerabilities.  TLS versions and cipher recommendations change as new threats are discovered. Some scanning tools will flag the availability of older ciphers and protocol versions in the EFF as minor vulnerabilities. 
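Review bot: dropping "HTTPS" from the heading changes the section anchor that DokuWiki derives from the heading text, so links pointing at the old "HTTPS Apache HTTPD TLS Settings and Ciphers" section should be checked and updated. The unchanged paragraph under the heading says scanners flag "older ciphers and protocol versions" without naming any; stating which protocol versions the advisory expects to be disabled would let administrators compare a scan result against it.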
Line 12: Line 12:
 We recommend that you use [[https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.34&openssl=1.0.1e&hsts=no&profile=modern|Mozilla SSL Configuration Generator]] to generate the list of ciphers. When using the Mozilla SSL Configuration Generator please select Apache  server and Modern profile. We recommend that you use [[https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.34&openssl=1.0.1e&hsts=no&profile=modern|Mozilla SSL Configuration Generator]] to generate the list of ciphers. When using the Mozilla SSL Configuration Generator please select Apache  server and Modern profile.
 <WRAP center round important 60%> <WRAP center round important 60%>
 +On the date of writing these are the modern setting recommended by Mozilla. Use them if all your clients(OS, mobile devices) are the latest versions.
 </WRAP> </WRAP>
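Review bot: the sentence added inside the WRAP box says "On the date of writing" without giving the date, and "these" has no referent in the visible text, since no settings appear in or next to the box. Suggest stating the date and placing the generated directives directly after the note, so readers can tell when the recommendation has gone stale. The note also gives no guidance for sites where not every client is on the latest version; pointing to the generator's Intermediate profile for that case would close the gap. The generator link in the context line pins server=apache-2.4.34 and openssl=1.0.1e, so the text should tell administrators to set those fields to the versions installed on their EFF VM, because the generated output depends on them. Minor wording: "setting" should be "settings", and "clients(OS" needs a space before the parenthesis.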