Do you disable insecure protocols?

Updated by Brady Stroud [SSW] 1 year ago.

<introEmbed
  body={<>
For better server security (especially on public-facing servers), certain security protocols and ciphers should be disabled.
  </>}
/>
A tool called "IIS Crypto 3.2" by [Nartac](https://www.nartac.com/Products/IISCrypto) makes it easy to disable these protocols without manually editing the Registry Keys.

1. Download IIS Crypto 3.2 (<https://www.nartac.com/Products/IISCrypto/Download>)
2. Run this on the server you wish to lock down
3. Click the Best Practices button

<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "goodExample",
    figure: 'Good example – TLS should be enabled and SSL should be disabled',
    shouldDisplay: true
  }}
  src="/uploads/rules/do-you-disable-insecure-protocols/iis-crypto-3-2.png"
/>

4. Ensure that TLS 1.0 and TLS 1.1 are also disabled, then hit Apply
5. The server will need to be rebooted before the settings take effect
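
A read-only check to run after the reboot in step 5, confirming that the protocol settings were actually written. This is an added example, not part of the original rule or of Nartac's tool; it assumes the standard SCHANNEL registry location Windows uses for protocol settings, checks the Server role only, and assumes TLS 1.2 is meant to stay enabled.

```powershell
# Added example: read-only audit of SCHANNEL server protocol settings.
# Makes no changes. Run in an elevated PowerShell session on the server.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Expected state after the steps above (TLS 1.2 = enabled is an assumption).
$expected = [ordered]@{
    'SSL 2.0' = 'Disabled'
    'SSL 3.0' = 'Disabled'
    'TLS 1.0' = 'Disabled'
    'TLS 1.1' = 'Disabled'
    'TLS 1.2' = 'Enabled'
}

function Get-SchannelServerState {
    param([Parameter(Mandatory)][string]$Protocol)

    $key = Join-Path (Join-Path $base $Protocol) 'Server'
    if (-not (Test-Path -LiteralPath $key)) { return 'NotConfigured' }

    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    # No explicit Enabled value means the OS default applies, which varies
    # by Windows version, so report it separately instead of guessing.
    if ($null -eq $props -or $null -eq $props.Enabled) { return 'NotConfigured' }

    # Any non-zero DWORD counts as enabled (tools may write 1 or 0xffffffff).
    if ($props.Enabled -ne 0) { return 'Enabled' }
    return 'Disabled'
}

$results = foreach ($proto in $expected.Keys) {
    $state = Get-SchannelServerState -Protocol $proto
    [pscustomobject]@{
        Protocol = $proto
        State    = $state
        Expected = $expected[$proto]
        Pass     = ($state -eq $expected[$proto])
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code so the check can gate a deployment or scheduled audit.
if ($results.Pass -contains $false) {
    Write-Warning 'One or more protocols are not in the expected state.'
    exit 1
}
```

A `NotConfigured` row means no explicit setting exists and the operating system default is in effect, so treat it as a finding to review and not as a pass.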

Acknowledgements

Adam Cogan
Steven Andrews
Kaique Biancatti (Kiki)