Differences

This shows you the differences between two versions of the page.

advisories/hardeningfeb2019 [2019_02_13 11:08] kamran
advisories/hardeningfeb2019 [2019_02_22 12:57] dan
Line 1: Line 1:
 ====== Enterprise File Fabric Hardening Advisory ====== ====== Enterprise File Fabric Hardening Advisory ======
-##### First published on February ZZ, 2019. +##### First published on February 13, 2019. 
-##### Last edited on February ZZ, 2019.+##### Last edited on February 22, 2019.
  
 ===== Introduction ===== ===== Introduction =====
-Although Storage Made Easy takes extensive measures to ensure that the Enterprise File Fabric (EFF) conforms to best practices for information security, from time to time we identify changes that can be made to deployed EFF VMs to further harden them.  This advisory presents our latest hardening recommendations. We strongly recommend that EFF administrators read this advisory carefully and implement the recommended changes as appropriate for their sites.+Storage Made Easy takes extensive measures to ensure that the Enterprise File Fabric (EFF) conforms to best practices for information security. From time to time we identify changes that can be made to deployed EFF VMs to further harden them.  This advisory presents our latest hardening recommendations. We strongly recommend that EFF administrators read this advisory carefully and implement the recommended changes as appropriate for their sites.
 ===== Apache HTTPD TLS Settings and Ciphers ===== ===== Apache HTTPD TLS Settings and Ciphers =====
  
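Review bot: The two date lines now show different dates (first published February 13, last edited February 22, 2019), but nothing tells an administrator who already applied the February 13 version what changed in between. A one-line revision note under the dates, naming the sections that were edited, would let them decide whether to revisit their configuration. The date lines also use `#####` while the surrounding headings use the wiki's `======` syntax, so it is worth confirming they render as intended. In the introduction, the double space in "harden them.  This" is still there.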
Line 12: Line 12:
 We recommend that you use [[https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.34&openssl=1.0.1e&hsts=no&profile=modern|Mozilla SSL Configuration Generator]] to generate the list of ciphers. When using the Mozilla SSL Configuration Generator please select Apache  server and Modern profile. We recommend that you use [[https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.34&openssl=1.0.1e&hsts=no&profile=modern|Mozilla SSL Configuration Generator]] to generate the list of ciphers. When using the Mozilla SSL Configuration Generator please select Apache  server and Modern profile.
 <WRAP center round important 60%> <WRAP center round important 60%>
-On the date of writing these are the modern setting recommended by Mozilla. Use them if all your clients(OS, mobile devices) are the latest versions.+On the date of writing these are the modern setting recommended by Mozilla. Use them if all your clients (OS, mobile devices) are the latest versions.
 </WRAP> </WRAP>
  
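Review bot: The edited line inside the WRAP box still reads "the modern setting recommended by Mozilla" (singular), and "On the date of writing" is not tied to a date, so a reader cannot tell how old the cipher list is. Suggest "As of February 2019 these are the modern settings recommended by Mozilla." The generator link in the line above also pins `server=apache-2.4.34` and `openssl=1.0.1e`; a sentence asking administrators to check the versions on their own VM (`httpd -v`, `openssl version`) and enter those in the generator would avoid a configuration that does not match the deployed stack. "Use them if all your clients ... are the latest versions" would be more useful if it said what to do when they are not, for example selecting a different profile in the generator.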
Line 84: Line 84:
 The EFF provides legacy protocol adaptors that allow you to use  FTP, FTPS or SFTP to access any storage that is connected to the EFF.  These protocols are presented by the EFF's CloudFTP service. The EFF provides legacy protocol adaptors that allow you to use  FTP, FTPS or SFTP to access any storage that is connected to the EFF.  These protocols are presented by the EFF's CloudFTP service.
  
-To provide compatibility with a wide range of clients, SFTP and FTPS support many encryption protocols and ciphers including some that are known to be relatively insecure, and the FTP protocol does not support encryption. Unless you have a specific need for FTP, FTPS or SFTP access to your EFF, You can disable CloudFTP service.  Here is how to do that.+To provide compatibility with a wide range of clients, SFTP and FTPS support many encryption protocols and ciphers including some that are known to be relatively insecure, and the FTP protocol does not support encryption. Unless you have a specific need for FTP, FTPS or SFTP access to your EFF, you may choose to disable CloudFTP service.  Here is how to do that.
    
 As root: As root:
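Review bot: The rewording from "You can disable" to "you may choose to disable" weakens the recommendation, although the same sentence states that SFTP and FTPS accept ciphers "known to be relatively insecure" and that FTP has no encryption. For a hardening advisory, a direct recommendation fits better, for example "we recommend that you disable the CloudFTP service". The article is also missing in "disable CloudFTP service", and the double spaces before "These protocols" and "Here is how" remain. Sites that do need one of these protocols get no guidance here; a sentence pointing them to the more secure option among the three would close that gap.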