Do you disable insecure protocols?
21/11/2017 4:22 AM by
For better server security (especially on public-facing servers), certain insecure protocols and ciphers should be disabled.
Using a tool called "IIS Crypto 2.0" by Nartac, these protocols can be easily disabled instead of having to manually edit the registry keys.
- Download IIS Crypto 2.0 (https://www.nartac.com/Products/IISCrypto/Download)
- Run it on the server you wish to lock down
- Select the Best Practices button
- Figure: Good example – TLS should be enabled and SSL should be disabled
- Ensure that TLS 1.0 is also disabled, then click Apply
- The server will need to be rebooted before the settings take effect
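
After the reboot, the result can be confirmed by reading back the registry keys the tool edits. The script below is an added example, not part of IIS Crypto or the original rule; it assumes the standard SCHANNEL `Protocols\<name>\Server` registry layout, and its function and variable names are illustrative. It treats a protocol with no explicit `Enabled` value as not meeting the rule, because the operating system default then applies.

```powershell
# Added example: read-only audit of the SCHANNEL server-side protocol settings.
# Run in an elevated PowerShell session on the server that was locked down.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Expectations taken from the steps above: SSL and TLS 1.0 must be off.
# Later TLS versions are reported for information only.
$mustBeDisabled = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0'
$reportOnly     = 'TLS 1.1', 'TLS 1.2'

function Get-SchannelServerState {
    param([Parameter(Mandatory)][string]$Protocol)

    $key   = Join-Path $base "$Protocol\Server"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Missing key or missing value: nothing was set explicitly, so the
    # operating system default decides whether the protocol is offered.
    if ($null -eq $props -or $null -eq $props.PSObject.Properties['Enabled']) {
        return 'NotConfigured'
    }
    # Enabled is a DWORD: 0 means disabled, any non-zero value means enabled.
    if ($props.Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$results = foreach ($p in ($mustBeDisabled + $reportOnly)) {
    $state = Get-SchannelServerState -Protocol $p
    # Assumption: only an explicit "Disabled" satisfies the rule.
    $ok = if ($p -in $mustBeDisabled) { $state -eq 'Disabled' } else { $null }
    [pscustomobject]@{ Protocol = $p; ServerState = $state; MeetsRule = $ok }
}

$results | Format-Table -AutoSize

$failed = @($results | Where-Object { $_.MeetsRule -eq $false })
if ($failed.Count -gt 0) {
    Write-Warning ('Not explicitly disabled: ' + ($failed.Protocol -join ', '))
} else {
    Write-Output 'SSL 2.0, SSL 3.0 and TLS 1.0 are explicitly disabled for the server role.'
}
```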