Windows Server 2008 enables SSL v2 and SSL v3 by default. These versions are outdated, weak and exposed to recent threats, including POODLE. To secure the server and pass PCI compliance checks you must disable these weak protocols and require clients to use TLS 1.0 or greater.
Here’s how to disable SSL v2:
1. Start – Run
I just installed a fresh VMware ESXi 5.5 and configured the firewall using vSphere client to not allow remote connections. When testing the firewall I noticed that the rules weren’t working. There seems to be no way to see the status of the firewall or enable/disable it through vSphere but it turned out to be disabled by default.
To enable the firewall, log in to SSH and type this command:
esxcli network firewall set --enabled true
WordPress is a popular target for attackers, and currently there are a lot of botnets discovering vulnerable sites and trying to brute-force the admin password. If you haven’t hardened your WordPress installation, this is the perfect time to do that.
1. Don’t use the defaults
When installing a new instance of WordPress, make sure you choose a name other than admin for the administrator account and change the default table prefix (wp_) to anything else.
SSL v2 is a weak and outdated protocol. All modern browsers support SSL v3 and it’s enabled by default on Windows 2008 (IIS 7 / IIS 7.5). To make sure all clients are using SSL v3 we must disable SSL v2. This is required for PCI compliance.