Differences

This shows you the differences between two versions of the page.

advisories/hardeningfeb2019 [2019_02_22 12:57] dan
advisories:hardeningfeb2019 [2024_02_28 01:03] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== Enterprise File Fabric Hardening Advisory ======+====== Access Anywhere Hardening Advisory ======
 ##### First published on February 13, 2019. ##### First published on February 13, 2019.
 ##### Last edited on February 22, 2019. ##### Last edited on February 22, 2019.
  
 ===== Introduction ===== ===== Introduction =====
-Storage Made Easy takes extensive measures to ensure that the Enterprise File Fabric (EFF) conforms to best practices for information security. From time to time we identify changes that can be made to deployed EFF VMs to further harden them.  This advisory presents our latest hardening recommendations. We strongly recommend that EFF administrators read this advisory carefully and implement the recommended changes as appropriate for their sites.+ 
 +We take extensive measures to ensure that Access Anywhere (NAA) conforms to best practices for information security. From time to time we identify changes that can be made to deployed NAA VMs to further harden them.  This advisory presents our latest hardening recommendations. We strongly recommend that NAA administrators read this advisory carefully and implement the recommended changes as appropriate for their sites. 
 ===== Apache HTTPD TLS Settings and Ciphers ===== ===== Apache HTTPD TLS Settings and Ciphers =====
  
-TLS versions and cipher recommendations change as new threats are discovered. Some scanning tools will flag the availability of older ciphers and protocol versions in the EFF as minor vulnerabilities.  +TLS versions and cipher recommendations change as new threats are discovered. Some scanning tools will flag the availability of older ciphers and protocol versions in the NAA as minor vulnerabilities.  
-Should you wish to address those, here is how to update the File Fabric's configuration with the latest recommended settings.+Should you wish to address those, here is how to update Access Anywhere's configuration with the latest recommended settings.
  
 We recommend that you use [[https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.34&openssl=1.0.1e&hsts=no&profile=modern|Mozilla SSL Configuration Generator]] to generate the list of ciphers. When using the Mozilla SSL Configuration Generator please select Apache  server and Modern profile. We recommend that you use [[https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=apache-2.4.34&openssl=1.0.1e&hsts=no&profile=modern|Mozilla SSL Configuration Generator]] to generate the list of ciphers. When using the Mozilla SSL Configuration Generator please select Apache  server and Modern profile.
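Review bot: the rewritten introduction names the product "Access Anywhere" but abbreviates it as "NAA", so the N is never accounted for anywhere in the text; spell out the full name the abbreviation stands for on first use, or pick an abbreviation that matches the name given. The "Last edited on February 22, 2019" line is carried over unchanged even though this revision rewrites the body, so the date no longer reflects the last edit. Since the TLS paragraph is being touched, also confirm that the generator link's pinned parameters (server=apache-2.4.34, openssl=1.0.1e, profile=modern) still match the Apache and OpenSSL versions shipped in the appliance, because the cipher list it produces depends on them.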
Line 82: Line 84:
  
 ===== Disable CloudFTP ===== ===== Disable CloudFTP =====
-The EFF provides legacy protocol adaptors that allow you to use  FTP, FTPS or SFTP to access any storage that is connected to the EFF.  These protocols are presented by the EFF's CloudFTP service.+The NAA provides legacy protocol adaptors that allow you to use  FTP, FTPS or SFTP to access any storage that is connected to the NAA .  These protocols are presented by the NAA 's CloudFTP service.
  
-To provide compatibility with a wide range of clients, SFTP and FTPS support many encryption protocols and ciphers including some that are known to be relatively insecure, and the FTP protocol does not support encryption. Unless you have a specific need for FTP, FTPS or SFTP access to your EFF, you may choose to disable CloudFTP service.  Here is how to do that.+To provide compatibility with a wide range of clients, SFTP and FTPS support many encryption protocols and ciphers including some that are known to be relatively insecure, and the FTP protocol does not support encryption. Unless you have a specific need for FTP, FTPS or SFTP access to your NAA , you may choose to disable CloudFTP service.  Here is how to do that.
    
 As root: As root:
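Review bot: in the two added CloudFTP lines the rename left a stray space before punctuation ("NAA .", "NAA 's", "NAA ,"); close these up so they read "NAA.", "NAA's" and "NAA,". In the second added line, "you may choose to disable CloudFTP service" is also missing its article and should read "the CloudFTP service".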
Line 95: Line 97:
 #### (for initial deployments of version 1901 or  earlier) #### (for initial deployments of version 1901 or  earlier)
    
-The EFF's Apache Web server configuration allows access to a directory containing icons.  Although this is not a security risk, some scanning tools will flag it as one. Here is how to remove access to that directory.+The NAA 's Apache Web server configuration allows access to a directory containing icons.  Although this is not a security risk, some scanning tools will flag it as one. Here is how to remove access to that directory.
  
 As root remove the following file: As root remove the following file: