Do you disable insecure protocols?
Updated by Brady Stroud [SSW] 1 year ago.
For better server security (especially on public-facing servers), certain security protocols and ciphers should be disabled. A tool called "IIS Crypto 3.2" by [Nartac](https://www.nartac.com/Products/IISCrypto) makes it easy to disable these protocols without having to manually edit the registry keys.

1. Download IIS Crypto 3.2 (<https://www.nartac.com/Products/IISCrypto/Download>)
2. Run it on the server you wish to lock down
3. Click the **Best Practices** button

   Figure: Good example – TLS should be enabled and SSL should be disabled

4. Ensure that TLS 1.0 and TLS 1.1 are also disabled, then click **Apply**
5. The server will need to be rebooted before the settings take effect
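To confirm the result after the reboot, the read-only PowerShell check below inspects the SCHANNEL protocol registry keys for the server role. It is an added example, not part of the original rule or of IIS Crypto; the function name `Get-SchannelProtocolState` and the list of protocols checked are assumptions based on the steps above.

```powershell
# Added example: audit server-side SCHANNEL protocol settings. Read-only.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocols the steps above expect to be disabled on the server.
$legacy = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

function Get-SchannelProtocolState {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [string]$Role = 'Server'
    )
    $key   = Join-Path (Join-Path $base $Protocol) $Role
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Enabled) {
        # No explicit value: Windows applies its version-specific default,
        # so the protocol may still be negotiable on older builds.
        return 'NotConfigured'
    }
    # Enabled = 0 means disabled; any non-zero DWORD means enabled.
    if ($props.Enabled -eq 0) { 'Disabled' } else { 'Enabled' }
}

$results = foreach ($name in $legacy) {
    $state = Get-SchannelProtocolState -Protocol $name
    [pscustomobject]@{
        Protocol = $name
        State    = $state
        Ok       = ($state -eq 'Disabled')
    }
}

$results | Format-Table -AutoSize

# Flag anything that is not explicitly disabled.
$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning ("Not explicitly disabled: " + ($failed.Protocol -join ', '))
}
```

A `NotConfigured` result is reported as a finding because the effective behaviour then depends on the Windows version's defaults rather than on an explicit setting.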