Fixing Bugs and Vulnerabilities
We have been doing some administration on the server and have decided to enable Perfect Forward Secrecy on our SSL site to improve our security rating, which can be viewed using this website. We also modified some of the ciphers used. Our server has also been patched and configured against the Heartbleed, Shellshock and POODLE vulnerabilities, all of which have been made public and fixed already.
Perfect Forward Secrecy
Enabling PFS makes our site more secure because a new session key is generated for each session rather than the same key being reused. Again, configuring this is quite simple.
Poodle
SSLv3 was disabled to cover the POODLE vulnerability, which makes man-in-the-middle attacks possible. The process is simple and there is a good document about it here; all you need to do is disable SSLv3 (-SSLv3).
Shellshock
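As an added example (not the blog's own configuration), the mod_ssl directives that carry out the two changes above, assuming the server is Apache httpd and the directives live in the site's VirtualHost; the weak form is left commented beside the hardened one:

```apache
# Added example; assumes Apache httpd with mod_ssl, not the author's config.
# Certificate paths are placeholders.
<VirtualHost *:443>
    SSLEngine on

    # Before (constructed weak setting): SSLv3 still offered, RC4 and
    # non-ephemeral RSA key exchange allowed, and the client picks the cipher.
    #SSLProtocol         all
    #SSLCipherSuite      HIGH:MEDIUM:RC4
    #SSLHonorCipherOrder off

    # After: drop SSLv2/SSLv3 (POODLE), list only ECDHE/DHE suites so every
    # session negotiates its own ephemeral key (Perfect Forward Secrecy), and
    # make the server's order win so a client cannot pick a non-PFS suite.
    SSLProtocol         all -SSLv2 -SSLv3
    SSLCipherSuite      ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!MD5:!RC4
    SSLHonorCipherOrder on

    SSLCertificateFile    /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
</VirtualHost>
```

After a reload, `openssl s_client -connect host:443 -ssl3` should fail to complete a handshake (where the local openssl build still offers -ssl3), and the rating on the site mentioned above can be rechecked to confirm PFS is reported.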
Bash has been patched to the most recent version. I would think we are not affected by this attack vector, but it is better to be safe.
Heartbleed
This one was patched a long time ago, and we have no reason to believe that any of our private keys were leaked, because it would have been quite an obvious intrusion, which we have not noticed.
Future Improvements
One improvement we will be implementing is using SHA-256 when creating the certificate rather than SHA-1, which is the weaker hash; this will be done when we update our SSL certificate. We plan on moving the main website over to HTTPS with SPDY soon, because we feel this is the way the web is moving and it offers more speed and security, so it makes sense.