Security default out of the box for port 2222 and port 21 could be better.

I

ikkeben

Verified User
Joined
May 22, 2014
Messages
1,557
Location
Netherlands Germany
Ok most ports are default ok now at fresh install.

But for port 21 FTP:
Support for Triple DES cipher
TriggerThe server supports a cipher suite containing the 3DES cipher.
ContextThree-key-3DES is a cipher with 168-bit keys but an effective key length of 112 bits because of a meet-in-the-middle attack. This is considered enough only for legacy. Furthermore, it has a 64-bit block size, which can be insufficient for some applications, for example because of birthday attacks


And port 2222 DA:
Support for Triple DES cipher
TriggerThe server supports a cipher suite containing the 3DES cipher.
Support for cipher suites giving forward secrecy
TriggerThe server does not support any cipher suites that provide forward secrecy.



Also missing where http2 is default the ocsp stapling
Missing the upcomming HSTS option

And some flowcharts for DA start DOCs setup , you have to find and search a lot of different doc's where simpel flowchart if need that and this do use that doc / config / setup, more UX / User friendly DOCS ?? ;)

For example you get a error name servers in CSF check while not in same default time zone , you have to find oout / look in gey cells of your brain . ;)

should be located in a topologically and geographically dispersed location on the Internet - See RFC 2182 (Section 3.1)

Diffie Helman should be 3072 now i think ?

Some help here https://observatory.mozilla.org/

And those to
Code: 
https://observatory.mozilla.org/analyze/yoururl#third-party

My Email Communications Security Assessment (MECSA)

A tool that allows citizens to assess the security and privacy of their email providers
mecsa.jrc.ec.europa.eu
 
Last edited:
You must log in or register to reply here.
Back
Top