Quick SSL Scan

OK so with a my new website up my first thought was ‘right lets secure it!’. Now if only more people thought this way surely we wouldn’t see half the info sec issues we see today. So I’m probably slightly biased on the subject being a Pentester. Not sure if biased or paranoid is better word.

I’m supposed to be on holiday in wales for the bank holiday however 8 hours into the site build and can’t help but think, security. A few tasks later and I navigate to Qualys, lets see where we currently stand, 10 minuets later and I’m building a Kali 2.0 virtual machine in Virtual Box on my laptop in the hopes of pentesting it over 3G!

So a Grade B on ssllabs.com . A little work needed I think.

sslgrabeB

Qualys.com is a great resource for scanning URL’s to see what SSL/TLS cipher suites are in use. Check it out!

Disabling SSL v2, v3 and also RC4 in Apache2.

By the time I had finished typing this post I was up to a A- having disabled RC4 in the SSL.conf file in mods-enabled folder be appending the ‘SSLCipherSuite’ with :!RC4. Disabling SSL v2 and v3 is also a simple step by appending the ‘SSLProtocol’ line with ‘-SSLv3 -SSLv2’ in the same file.

This is very much only a small step towards securing a site, although a good start!

sslA

Facebooktwittergoogle_pluspinterestlinkedinmail

Greetings!

Greetings! Welcome to my InfoSec Site!

Here I will be mostly be talking to myself about Information Security Topics, News, and mini guides. Feel free to join in and comment!

I am also going to be sharing some of the latest Labs and Projects that I am currently working on, short tutorials that I have been through and had to learn along the way. This will be both Windows and Linux based. I will also be sharing some Security techniques, not only in an effort to raise awareness for Information Security, but also to use as my own quick lookup when I need to remember something!

I was inspired to create this site after listening to Defensive Security Podcast and subsequently reading an article titledĀ How to build a successful information security career on their site.

Facebooktwittergoogle_pluspinterestlinkedinmail