building a higher wall

IISFortify is a suite of scripts I produce to optimise the configuration of Windows Schannel and IIS. It bolsters cryptographic standards and HTTP response headers. As my workplace is beginning to dip its feet in Server 2016 along with IIS 10, it is about time that the scripts for Server 2012 were updated, along with introducing scripts for Server 2016/Windows 10.

out with the old (update)

A very popular post of mine has been ‘out with the old’, which details a series of scripts for hardening web servers. Since I first posted it there have been a number of changes made to the scripts, following vulnerabilities like POODLE and the recent ‘Bar Mitzvah’ attack against RC4, so I’ll provide a quick update of those as well as some challenges I’ve encountered.

out with the old

Up until the Snowden revelations, SSL/TLS standards were something that had very little attention paid to them: if it was there, it was doing its job – but it turns out that isn’t so. In order to provide clients the greatest level of transport security possible, so as to protect against threats like monitoring and protocol/cipher downgrade attacks, a little work is required. In a recent post, Zero Trust, I alluded to a suite of scripts used to harden Microsoft web server configurations, and by using these the level of transport security provided out of a Microsoft web server is considered more than ample by industry standards. When applied, a server should score an A on the Qualys SSL Labs test.