Friday, July 9, 2010

SSL Configuration in Critical

Almost every website out there uses SSL in some way for security. In fact, its used so much and has such a good reputation, that people tend to ignore it and don't pay attention to its shortfalls - or at least shortfalls in the way in which it is installed.

There is scope for a periodic review of any SSL installation, to see which version of SSL is used (whether it's up to date), configuration weaknesses in the type of Web server being used and configuration issues such as cipher suites and protocol support.

Not only can such a review improve security, it can avoid scaring customers away with false security messages, such as invalid certificates.

For an article on this idea, check out this link.

No comments: