Home / Uncategorized / Tips to Make Your SSL Secure For Best Website Security

Tips to Make Your SSL Secure For Best Website Security

 Tips to Make Your SSL Secure For Best Website Security: As SSL technology evolves and changes, new vulnerabilities begin to cause problems. Secure socket layer (SSL) technology has changed in recent years, and new vulnerabilities have also been discovered. This tip explores the new SSL security landscape and outlines emerging security issues. It Provides you best website security. Read on to learn the latest on these SSL security issues and steps companies can take to overcome them and implement SSL securely:

 Tips to Make Your SSL Secure For Best Website Security

1.The SSL certificate

The SSL certificate is a key component of SSL security and indicates to users that the website can be trusted. With this in mind, it must be obtained from a reliable certificate authority (CA) – the larger the market share the better, as that means there is less chance the certificate will be revoked.

 SSL certificate

Organizations should not rely on self-signed certificates. The certificate should ideally use the SHA-2 hashing algorithm, as there are currently no known vulnerabilities in this algorithm.

Extended Validation (EV) certificates provide another means of increasing trust in the security of the website.

Most browsers show websites that have EV certificates in a sage green color, providing a strong visual clue to end users that the website can be considered safe to use. This tip Provides You best website security.

2.Disable support for weak ciphers

Almost all web servers support strong (128 bit) or very strong (256 bit) encryption ciphers, but many also support weak encryption, which can be exploited by hackers to compromise your enterprise network security. This tip Provides You best website security.

Disable support for weak ciphers

There is no reason to support weak ciphers, and they can be disabled in a couple of minutes by configuring your server with a line like:

” SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW 

3. Make sure your server doesn’t support insecure renegotiation

The SSL and TLS Authentication Gap vulnerability allow a man-in-the-middle to use renegotiation to inject arbitrary content into an encrypted data stream.

Most major vendors have issued patches for this vulnerability, so if you have not already done so make it a priority to implement secure renegotiation or disable insecure renegotiation (making any necessary changes to your site) at the very least. This tip Provides You best website security.

4.Ensure that all stages of authentication are performed over SSL

Protecting your user credentials is key, and that means sending users your login form over an SSL connection as well as protecting their credentials with SSL when they are submitted to you.

Authentication are performed over SSL

Failure to do this makes it possible for hackers to intercept your form and replace it with an evil insecure one which forwards users’ credentials to their own servers. This tip Provides You best website security.

5. Don’t mix SSL protected content and plaintext on your web pages

Mixed content can lead to your site being compromised because a single unprotected resource like Javascript could be used to inject malicious code or lead to a man-in-the-middle attack.

Use HTTP Strict Transport Security (HSTS) to protect your domains (including sub-domains)

When your website is protected using HSTS, after the first visit all links to the website are converted from HTTP to https automatically, and visitors cannot access the site again unless it is verified by a valid, non-self-signed certificate.

That means that hackers will be unable to divert your users to a phishing site that they control over an insecure link (using SSL stripping ) or steal unsecured session cookies (using Firesheep.).This tip Provides You best website security.

6.Protect cookies using the HttpOnly and Secure flags

Cookies that are used for authentication for the duration of an SSL session can be used to compromise the session’s SSL security.

Protect cookies using Secure flags

The HttpOnly flag makes the cookies you issue invisible to client-side scripts, so they can’t be stolen via cross-site scripting exploits.

While the Secure flag means the cookie can only be transmitted over an encrypted SSL connection and therefore can’t be intercepted.

Configuring your web server to issue cookies with both the HttpOnly and Secure attributes protects against both these types of attacks. This tip Provides You best website security.

7. Use Extended Validation (EV) certificates

Although this is not vital for the security of your site, EV certificates give a clear visual confirmation in most browser address bars that visitors have made a secure SSL connection to a site that is genuinely yours, and have not been diverted to a phishing site.

Extended Validation (EV) certificates

EV certificates are only issued after a certificate authority has taken rigorous steps to confirm your identity and that you own or control the domain name for which the certificate is being issued. This tip Provides You best website security.

8.Ensure your certificates include subdomains

To avoid site visitors getting certificate errors to make sure that both https://www.yourdomain.com and https://yourdomain.com are covered by your SSL certificate.

Certificates include subdomains

You can do this using a multi-domain SSL certificate which will usually allow you to specify up to three Subject Alternative Names (SANs)

9.Run an online SSL Server test

You can check your overall SSL security posture, including SSL server configuration, certificate chain, and protocol and cipher suite support, as well as search for known weaknesses such as the renegotiation vulnerability, using the free Qualys SSL Labs SSL Server Test. This tip Provides You best website security.

So these are the Tips to Make Your SSL Secure For Best Website Security.

 

 

About aqeel

Check Also

Use of Taps and Span Ports in Cyber Intelligence Applications

Use of Taps and Span Ports in Cyber Intelligence Applications: Cyber warfare is unfortunately no …

2 comments

  1. wao nice article iilove this article

Leave a Reply

Your email address will not be published. Required fields are marked *