Created Securing the Website (markdown)
parent
9114489d46
commit
be82f065ec
42
Securing-the-Website.md
Normal file
42
Securing-the-Website.md
Normal file
|
|
@ -0,0 +1,42 @@
|
||||||
|
In this guide we take additional steps to secure the website.
|
||||||
|
|
||||||
|
## Prerequisites
|
||||||
|
|
||||||
|
* Using the High Tech Bridge SSL/TLS Security Test:
|
||||||
|
https://www.htbridge.com/ssl/
|
||||||
|
|
||||||
|
## Report
|
||||||
|
|
||||||
|
These issues have been found:
|
||||||
|
|
||||||
|
### Diffie-Hellman parameter's size is only 1024 bits
|
||||||
|
|
||||||
|
> The Diffie-Hellman parameter's size is only 1024 bits. A longer one must be generated to prevent Logjam vulnerability
|
||||||
|
|
||||||
|
Solution:
|
||||||
|
|
||||||
|
Genarate a 2048 bit Diffie-Hellman pair:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ sudo openssl dhparam -out /etc/nginx/dhparams.pem 2048
|
||||||
|
```
|
||||||
|
|
||||||
|
Add this line in */etc/nginx/sites-available/cms*:
|
||||||
|
|
||||||
|
```
|
||||||
|
ssl_dhparam /etc/nginx/dhparams.pem;
|
||||||
|
```
|
||||||
|
|
||||||
|
Restart *Nginx*:
|
||||||
|
|
||||||
|
```
|
||||||
|
$ sudo nginx -t && sudo systemctl restart nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
Download the report in PDF form. You should score an A+ for PCI DSS after this.
|
||||||
|
|
||||||
|
References
|
||||||
|
----------
|
||||||
|
* https://weakdh.org/
|
||||||
|
* https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
|
||||||
|
* https://letsencrypt.org/certificates/
|
||||||
Loading…
Reference in a new issue