Do you disable insecure protocols?

Last updated by Chloe Lin [SSW] about 2 months ago.

For better server security (especially on public-facing servers), certain security protocols and ciphers should be disabled.

With Nartac's tool "IIS Crypto 3.2", these protocols can be disabled in a few clicks instead of editing the registry keys by hand.

  1. Download IIS Crypto 3.2 (https://www.nartac.com/Products/IISCrypto/Download)
  2. Run it on the server you wish to lock down
  3. Click the "Best Practices" button

[Screenshot: IIS Crypto 3.2]
Figure: Good example – TLS should be enabled and SSL should be disabled

  4. Ensure that TLS 1.0 and TLS 1.1 are also disabled, then click "Apply"
  5. Reboot the server; the settings do not take effect until it restarts
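After the reboot it is worth confirming that the settings actually landed, rather than trusting the tool's UI. IIS Crypto works by writing the SCHANNEL protocol values under `HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols`; the audit script below reads those values back and flags any of SSL 2.0, SSL 3.0, TLS 1.0 or TLS 1.1 that is not explicitly disabled. This is an added example, not part of the SSW rule or of Nartac's product. It assumes an elevated PowerShell session on the server, that TLS 1.2 is the protocol you expect to remain on, and that the checks run after the reboot (SCHANNEL reads these keys at startup).

```powershell
# Added audit script (not from the SSW rule or from Nartac): reads the SCHANNEL
# registry values that IIS Crypto writes and reports which protocols are still on.
# Assumes: run as Administrator on the server, after the post-apply reboot.

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Protocols the rule says must be off, and the one we expect to stay on (assumption: TLS 1.2).
$shouldBeDisabled = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1')
$shouldBeEnabled  = @('TLS 1.2')

function Get-SchannelProtocolState {
    param(
        [Parameter(Mandatory)] [string] $Protocol,
        [ValidateSet('Server', 'Client')] [string] $Side = 'Server'
    )
    $key = Join-Path -Path $base -ChildPath "$Protocol\$Side"

    if (-not (Test-Path -Path $key)) {
        # No key at all: SCHANNEL falls back to the OS default for this protocol,
        # which on older Windows versions means TLS 1.0/1.1 are still enabled.
        return [pscustomobject]@{
            Protocol = $Protocol; Side = $Side; State = 'OS default (key missing)'
            Enabled = $null; DisabledByDefault = $null
        }
    }

    $props   = Get-ItemProperty -Path $key
    $enabled = $props.Enabled              # DWORD 0 = hard off, non-zero = on, absent = OS default
    $byDef   = $props.DisabledByDefault    # DWORD 1 = off unless an app asks for it explicitly

    $state = if ($null -ne $enabled -and $enabled -eq 0) { 'Disabled' }
             elseif ($null -ne $enabled)                  { 'Enabled' }
             elseif ($byDef -eq 1)                        { 'Disabled by default only' }
             else                                         { 'OS default (no Enabled value)' }

    [pscustomobject]@{
        Protocol = $Protocol; Side = $Side; State = $state
        Enabled = $enabled; DisabledByDefault = $byDef
    }
}

# Check both the Server side (what IIS offers) and the Client side (outbound calls from the box).
$results = foreach ($proto in ($shouldBeDisabled + $shouldBeEnabled)) {
    foreach ($side in 'Server', 'Client') {
        Get-SchannelProtocolState -Protocol $proto -Side $side
    }
}
$results | Format-Table -AutoSize

# Only an explicit Enabled=0 counts as disabled; "disabled by default" can still be
# negotiated by an application that requests the protocol, so we treat it as a finding.
$findings = $results | Where-Object {
    $shouldBeDisabled -contains $_.Protocol -and $_.State -ne 'Disabled'
}
$missingStrong = $results | Where-Object {
    $shouldBeEnabled -contains $_.Protocol -and $_.State -eq 'Disabled'
}

if ($findings) {
    Write-Warning ("Insecure protocols not explicitly disabled:`n" + ($findings | Out-String))
}
if ($missingStrong) {
    Write-Warning ("Expected protocol has been switched off:`n" + ($missingStrong | Out-String))
}
if (-not $findings -and -not $missingStrong) {
    Write-Host 'OK: SSL 2.0/3.0 and TLS 1.0/1.1 are explicitly disabled; TLS 1.2 remains enabled.'
    exit 0
}
exit 1
```

Run it once before applying IIS Crypto to see the baseline, and again after the reboot; a non-zero exit code makes it easy to drop into a post-deployment check. The script deliberately treats `DisabledByDefault=1` on its own as a finding, because that value only stops the protocol from being offered by default, whereas the `Enabled=0` that IIS Crypto's best-practice template writes turns it off outright.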