Skip to main content

Sweet32 - Vulnerbility

By Er.Susheel

Recently there was another Vulnerability grab My attention which was related to DES and Tripple DES (3DES) , Any men in the middle can exploit this vulnerability by capturing large amount of encrypted data and thus recover plain text sensitive data.

Severity: Medium
CVE Number: CVE-2016-2183


For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com

Remediation : You need to disable any ciphers starting with DES and 3DES supported by Server by any service present on server for example

  • Apache
  • Nginx etc
 
Important Point to Remember : 1 :
 
Normally old browser don't supports DES and 3DES ciphers. It is very important to note that in many cases, a software update (back-ported version provided by Operating System vendor ) won't be enough to resolve this issue. Usually software update doesn't overwrite manually tweaked configuration files, which means, DES/3DES can be still available, even if the software update disables them by default.   

                                                      
Important Point to Remember : 2 : 
 On Windows 7/10 systems running RDP (Remote Desktop Protocol), the vulnerable cipher that should be disabled is labeled 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'.   

 
Important Point to Remember : 3 :
  
Please limit the number of requests client can make in a single TLS session and / or the keep-alive timeout value, If disabling 64 bit block ciphers is not possible. 

====================================X============X=================================================

Contact support@linuxforeveryone for any Freelancing work on Linux Servers

Subscribe my YouTube Channel 

Like My Facebook Page 

Browse the Best in class Web Hosting Plans
Labels:
Location: India

Comments

Post a Comment

Popular posts from this blog

Multiple instances of redis

By Er.Susheel
In the last post I have covered how to install redis server on Centos/Rhel using rpm method and yum method and some troubleshooting skills. In this post i am going to cover how to install and configure redis to run with multiple ports.                                                                           But why we need more ports ? If you have read my earlier post , you already know that by default redis runs on single port 6379, which any one can use it for small website to cache the data. But for heavy website like magento we need to use additional ports along with 6379 to serve different cache from different ports. Like in Magento there is simple cache which is normally stored under /var/cache directory. Then there is Full Page Cache which is stored under /var/full_page_cache...
35 comments
Read more

Optimization of Redis

By Er.Susheel
In this Post, I am going to cover how to optimized REDIS  (recently i was reading this random blog giving more clear insight on what is redis and what the use of it in real world) instances as per our requirement. if you are not aware about REDIS at all, you can refer to my previous post where i have covered How To install REDIS on Centos/Redhat servers which goes here . How To Create Multiple instances of REDIS which goes here . What is the Best Standard method to configure REDIS which goes here . So, Lets see how to optimize our redis server. few points you need to keep in mind that which are important while doing optimization and we are going to learn more about shortly. For Freelance Work & Queries Contact me by Email Id support@linuxforeveryone.com Remove any errors you are seeing under redis logs Check the amount of cache size your site is using for each port Set proper eviction policy for redis keys Set proper kernel Settings t...
30 comments
Read more

arbtd: Package isn't signed with proper key

By Linux For Every One
  If you are System Admin and worked on linux machine or servers in your current job or in past. Chances are you might come across linux service abrtd, even if you have not worked on it. but might be through some other work. same thing happened to me, while I was doing my regular work of installing php packages on linux  servers , i came across this error for which spent couple of hours actually to resolve it. T he error was 
Post a Comment
Read more