SSL Labs – Securing Apache

SSL Labs – Securing Apache

Today we will show you several things you can do to help secure apache web servers, we proudly provide TheCodeAsylum SSL Labs report as an example.

Use PowerShell to Check .NET version and update
WSUS Updates with PowerShell and PDQ
Fix Blue Screen of Death BSOD

Today we will show you several things you can do to help secure apache web servers, we proudly provide TheCodeAsylum SSL Labs report as an example.

Open the SSL Labs Report on TheCodeAsylum – 11/12/2018

Securing Apache
You should be disabling weak ciphers and TLS1.0, and enforcing HSTS, at the minimum, here we show you how to do that on Apache:

Service Configuration/Apache Configuration/Global Configuration, edit SSL Cipher Suite: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!AES256-GCM-SHA384:!AES128-GCM-SHA256:!AES256-SHA256:!AES256-SHA:!AES128-SHA256:!AES128-SHA

Service Configuration/Apache Configuration/Global Configuration, edit SSL/TLS Protocols:
All -SSLv2 -SSLv3 -TLSv1
(check before disabling TLSv1.0, it might not right choice for large public websites)

Service Configuration/Apache Configuration/Include Editor, edit Pre Main Include (All Versions) and paste these two lines:
Header always set Strict-Transport-Security “max-age=31536000; includeSubdomains;”
SSLHonorCipherOrder on

Multi-Factor
Additional security for your web applications:

At TheCodeAsylum we also implement Two-Factor Authentication for our site, we currently use Google Authenticator, this requires a username/password and also an authentication code from the google authenticator app. This satisfies the “Something You Know” and “Something You Have” principles of security.

Resources
List of resources that will be beneficial to you:

HTTP Strict Transport Security Cheat Sheet
Ciphers
SSL Labs

 
Code Monkey
Code Monkey 2018-11-13 22:13:10
| |

Can anyone else add additional steps that should be taken?