Server Updates along with Security Updates

As always security is a main concern in our network. We have updated a couple services already and are in the process of updating a few more services currently.

First we have updated NGINX (our webserver) with a few additional modules which will allow us to do a few more optimizations.

We have also increased the SSL security levels. There are some downsides to this. However we believe the upsides outway the downsides.

Cons:

  • Support for IE6 on XP SSL connections have been removed completely.
  • Support for Java6 SSL connections have been removed completely.
  • Support for YandexBot 3.0 SSL connections have been removed completely.

Note: The above were already not supported as none of them support SNI (Server Name Indication). SNI is how SSL connections are defined by domain names rather than IPs. Since our network serve SSL connections based upon Domain names primarily and IPs secondary. Thus the support for the above methods of viewing a SSL site were spotty at best.

Pros:

  • SSL Security score went from 90% to 96.25%, a 6.25% increase.
  • Encryption Speed has been increased.
  • SSL connections now have a subsidiary encryption which helps even more against MITM attacks.
  • Possible BEAST exploit has been removed completely.
  • Possible Lucky Thirteen exploit has been removed completely.
  • Possible CRIME exploit has been removed completely.

Note: Above exploits above were possible due to Encryption methods which were available in the server to support the above methods of a SSL connection. With these removed the possible exploits are removed as well.

Last updated by at .

2 responses on “Server Updates along with Security Updates

  1. Виктор

    Some programs can update themselves via the Internet with very little or no intervention on the part of users. The maintenance of server software and of operating systems often takes place in this manner. In situations where system administrators control a number of computers, this sort of automation helps to maintain consistency. The application of security patches commonly occurs in this manner.

  2. Gerald

    Excellent goods from you, man. I have understand
    your stuff previous to and you’re just extremely excellent.
    I actually like what you’ve acquired here, really like what you’re stating and the way in which you say it.
    You make it entertaining and you still take care of to keep it smart.
    I can’t wait to read far more from you. This is really a tremendous web site.

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha *