Differences

This shows you the differences between two versions of the page.

hardening-enterprise-filefabric [2019_04_11 16:30] – [SSH Settings EFF Version <= 1901] steven
hardening-enterprise-filefabric [2024_04_16 18:01] (current) – [SSH Settings NAA Version <= 1901] steven
Line 1: Line 1:
-====== Hardening Enterprise File Fabric ======+====== Hardening Access Anywhere ======
  
  
Line 44: Line 44:
 </code> </code>
  
-===== SSH Settings EFF Version <= 1901 ===== 
-This is only required for EFF instances that were initially deployed before 1901, that are configured with a low security cipher. Please make the following changes. 
- 
-As the root user edit the following file with the vi or nano editors: 
-<code> 
-vi /etc/ssh/sshd_config 
-</code> 
- 
-Find and replace the following line: 
-<code> 
-Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc 
-</code> 
- 
-with these 3 lines 
- 
-<code> 
-KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 
- 
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr 
- 
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com 
-</code> 
- 
-After saving the file restart sshd service 
- 
-<code> 
-systemctl restart sshd 
-</code> 
  
 ===== Disable CloudFTP ===== ===== Disable CloudFTP =====
-EFF provides legacy protocol adaptors i.e you can access any storage using FTP, FTPS and SFTP.+NAA provides legacy protocol adaptors i.e you can access any storage using FTP, FTPS and SFTP.
 FTP provider is unencrypted protocol. Disable FTP, FTPS and SFTP service depending on your security policy.  FTP provider is unencrypted protocol. Disable FTP, FTPS and SFTP service depending on your security policy. 
-For compatibility SFTP and FTPS support a wide range of encryption protocols and ciphers. For a locked down EFF deployment we recommend disabling CloudFTP service+For compatibility SFTP and FTPS support a wide range of encryption protocols and ciphers. For a locked down NAA deployment we recommend disabling CloudFTP service
  
 As root As root
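Review bot: The "SSH Settings EFF Version <= 1901" section is deleted outright with no renamed counterpart, although the summary of the current revision names "SSH Settings NAA Version <= 1901", so the removal may be accidental. As it stands, instances first deployed before 1901 that still carry the old Ciphers line with aes128-cbc, aes192-cbc and aes256-cbc lose the documented steps for replacing it with the KexAlgorithms, Ciphers and MACs lines and restarting sshd. Either restore the section under the NAA name or add a sentence saying why the steps are no longer needed. In the renamed CloudFTP lines, "i.e you can" should read "i.e. you can", and the sentence ending "recommend disabling CloudFTP service" needs a full stop.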
Line 84: Line 56:
 </code> </code>
  
-=====  Remove Apache HTTPD server Configuration EFF version <= 1901 ===== +=====  Remove Apache HTTPD server Configuration NAA version <= 1901 ===== 
 The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk.  The icons directory is listed , this is not a security risk but some scanning tools can mark it as security risk.
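Review bot: The heading swaps EFF for NAA but keeps the "version <= 1901" qualifier, which reads as if 1901 were an NAA release; confirm that the version number still identifies the affected deployments under the new product name, or word it so the reader can tell which installs are meant. The heading also keeps the stray double space after the opening =====, and the context sentence has a space before the comma in "listed , this"; both can be tidied in the same edit.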