Created Securing the Website (markdown)
parent 9114489d46
commit be82f065ec
1 changed files with 42 additions and 0 deletions

Securing-the-Website.md (Normal file)
							|  | @ -0,0 +1,42 @@ | |||
| In this guide we take additional steps to secure the website. | ||||
| 
 | ||||
| ## Prerequisites | ||||
| 
 | ||||
| * Using the High Tech Bridge SSL/TLS Security Test: | ||||
|     https://www.htbridge.com/ssl/ | ||||
| 
 | ||||
| ## Report | ||||
| 
 | ||||
| These issues have been found: | ||||
| 
 | ||||
| ### Diffie-Hellman parameter's size is only 1024 bits | ||||
| 
 | ||||
| > The Diffie-Hellman parameter's size is only 1024 bits. A longer one must be generated to prevent Logjam vulnerability | ||||
| 
 | ||||
| Solution: | ||||
| 
 | ||||
| Genarate a 2048 bit Diffie-Hellman pair: | ||||
| 
 | ||||
| ``` | ||||
| $ sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048 | ||||
| ``` | ||||
| 
 | ||||
| Add this line in */etc/nginx/sites-available/cms*: | ||||
| 
 | ||||
| ``` | ||||
|     ssl_dhparam /etc/nginx/dhparams.pem; | ||||
| ``` | ||||
| 
 | ||||
| Restart *Nginx*: | ||||
| 
 | ||||
| ``` | ||||
| $ sudo nginx -t && sudo systemctl restart nginx | ||||
| ``` | ||||
| 
 | ||||
| Download the report in PDF form. You should score an A+ for PCI DSS after this. | ||||
| 
 | ||||
| References | ||||
| ---------- | ||||
| * https://weakdh.org/ | ||||
| * https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx | ||||
| * https://letsencrypt.org/certificates/ | ||||
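Review bot: Under "Solution:", the line "Genarate a 2048 bit Diffie-Hellman pair:" has a typo and misnames the output: `openssl dhparam` writes Diffie-Hellman parameters, not a key pair, so "Generate 2048-bit Diffie-Hellman parameters:" would be accurate. The "Add this line" step should say where in /etc/nginx/sites-available/cms the `ssl_dhparam` directive goes (the `server` block that handles TLS), since a reader pasting it at an arbitrary position may get a failure from `nginx -t`. The last two References entries (OCSP stapling, Let's Encrypt certificates) are not used by anything in the guide as added here; drop them or add the sections they support.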