Making Web interface secure
Q: I have configured the Web interface to use HTTPS so that I can access it from outside the local network. How can I further harden security?
A: The first piece of advice is to upgrade to the latest IPNetwork version. You can check the release notes list to make sure you are using the latest version that includes security updates to all its components.

Web service SSL configuration directives
Below we list some of the HTTPS-related configuration directives of the IPNetwork Web service (file conf\ssl_virtualhost_extra.conf in the installation directory). The Web server component version used by the latest IPNetwork release is 2.4.62.
- SSLProtocol all -SSLv2 -SSLv3
  - Turns off the insecure SSL v2 and v3 protocols, thus preventing attacks such as POODLE
- SSLCipherSuite AES128+EECDH:AES128+EDH
  - Instructs the server to use only strong cipher families (explicitly listed)
- SSLCompression off
  - Turns off TLS compression, thus preventing the so-called CRIME attack
- SSLHonorCipherOrder on
  - Makes the server's cipher order take priority when choosing among ciphers (to prevent a weaker cipher from being chosen); part of the measures to prevent the so-called BEAST attack
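
One way to check a copy of the configuration file against the four directives listed above. This is an added example, not part of IPNetwork; the function names, the sample configuration text and the simplified model of how SSLProtocol tokens combine are assumptions.

```python
ALL = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}

def enabled_protocols(arg):
    """Simplified SSLProtocol model: '+x' adds, '-x' removes, bare 'x' replaces."""
    enabled = set()
    for tok in arg.lower().split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = ALL if name == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return enabled

# Directive (lower-cased, Apache directive names are case-insensitive) -> check.
CHECKS = {
    "sslprotocol": lambda a: not enabled_protocols(a) & {"sslv2", "sslv3"},
    "sslciphersuite": lambda a: a == "AES128+EECDH:AES128+EDH",
    "sslcompression": lambda a: a.lower() == "off",
    "sslhonorcipherorder": lambda a: a.lower() == "on",
}

def audit(conf_text):
    """Return {directive: 'ok' | 'weak' | 'missing'}; the last occurrence wins."""
    seen = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment (a commented-out directive is inactive)
        name = parts[0].lower()
        if name in CHECKS:
            seen[name] = parts[1].strip().strip('"') if len(parts) > 1 else ""
    return {n: "missing" if n not in seen else "ok" if chk(seen[n]) else "weak"
            for n, chk in CHECKS.items()}

# Constructed sample inputs (not taken from a real installation).
HARDENED = """SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite AES128+EECDH:AES128+EDH
SSLCompression off
SSLHonorCipherOrder on"""
WEAK = """SSLProtocol all -SSLv2
SSLCipherSuite ALL
#SSLCompression off
SSLHonorCipherOrder Off"""
if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(conf))
```

A result of "missing" means the directive is not set in the file, so the server's built-in default applies.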