Enhancing Server Security : Comprehensive Cryptography Options with EyeDown

Options

1. Force requirement of strong Diffie-Hellman key

   • Description: Enforces the use of strong Diffie-Hellman keys, essential for secure key exchange in cryptographic protocols. Diffie-Hellman is a method of securely exchanging cryptographic keys over a public channel.
   • Usage: Crucial for any server setup, including Apache and IIS, to enhance security during the key exchange process.

2. Enable strong RSA key requirement

   • Description: Ensures the use of strong RSA keys for encryption and decryption processes. RSA (Rivest–Shamir–Adleman) is a widely used encryption algorithm that relies on the computational difficulty of factoring large numbers.
   • Usage: Important for servers that handle sensitive data, ensuring robust encryption standards.

3. Enable strong authentication for .NET applications using TLS 1.2

   • Description: Enforces strong authentication for .NET applications using TLS 1.2, a protocol that ensures data privacy and integrity between applications.
   • Usage: Critical for securing .NET applications that rely on TLS for secure communications.

4. Disable RC2 encryption

   • Description: Disables the RC2 cipher, known for its vulnerabilities. RC2 is a symmetric-key block cipher that is considered outdated and insecure.
   • Usage: Enhances security by preventing the use of outdated and insecure encryption methods on servers.

5. Disable RC4 encryption

   • Description: Disables the RC4 cipher, which has known weaknesses. RC4 is a stream cipher that is no longer considered secure.
   • Usage: Protects data integrity by eliminating the use of compromised encryption algorithms.

6. Disable DES encryption

   • Description: Disables the DES cipher, an outdated encryption method with vulnerabilities. DES (Data Encryption Standard) is a symmetric-key algorithm for the encryption of digital data.
   • Usage: Ensures the server uses more secure encryption standards to protect data.

7. Disable 3DES encryption

   • Description: Disables the 3DES cipher, which is no longer considered secure. 3DES (Triple DES) applies the DES cipher algorithm three times to each data block.
   • Usage: Prevents the use of deprecated encryption methods, strengthening server security.

8. Disable null cipher

   • Description: Disables the use of null ciphers, which offer no encryption.
   • Usage: Critical for maintaining the confidentiality of data transmitted over the network.

9. Disable SSLv2

   • Description: Disables Secure Sockets Layer (SSL) version 2, an outdated protocol with significant vulnerabilities.
   • Usage: Enhances security by ensuring SSLv2, which has significant vulnerabilities, is not used.

10. Disable SSLv3

    • Description: Disables Secure Sockets Layer (SSL) version 3, an older protocol with known security issues.
    • Usage: Prevents the use of the outdated SSLv3 protocol, ensuring more secure communications.

11. Disable MD5 hashing function

    • Description: Disables the MD5 hashing algorithm, which has known vulnerabilities. MD5 (Message-Digest Algorithm 5) produces a 128-bit hash value and is no longer considered secure for most purposes.
    • Usage: Important for servers that require secure hashing methods to protect data integrity.

12. Disable SHA1

    • Description: Disables the SHA1 hashing algorithm, which is considered weak. SHA1 (Secure Hash Algorithm 1) produces a 160-bit hash value and has vulnerabilities that make it unsuitable for further use.
    • Usage: Ensures the server uses stronger hashing algorithms to safeguard data.

13. Block response to renegotiation requests

    • Description: Prevents the server from responding to TLS renegotiation requests, which can be exploited. Renegotiation in TLS allows for refreshing keys without disrupting an existing session, but has known security issues.
    • Usage: Enhances the security of TLS connections on servers, protecting against certain types of attacks.

14. Disable DTLS 1.0

    • Description: Disables Datagram Transport Layer Security (DTLS) 1.0, a protocol based on TLS that provides privacy for datagram-based applications.
    • Usage: Ensures the server uses more recent and secure versions of DTLS for data transmission.

15. Disable DTLS 1.1

    • Description: Disables Datagram Transport Layer Security (DTLS) 1.1, an updated version of DTLS 1.0 with additional security features.
    • Usage: Prevents the use of older DTLS versions, favoring more secure options.

16. Enable DTLS 1.3

    • Description: Enables Datagram Transport Layer Security (DTLS) 1.3, the latest and most secure version.
    • Usage: Ensures the server uses the most up-to-date and secure DTLS protocol for communications.

17. Disable TLS 1.0

    • Description: Disables Transport Layer Security (TLS) 1.0, an older version of the TLS protocol.
    • Usage: Enhances security by ensuring only newer, more secure versions of TLS are used.

18. Disable TLS 1.1

    • Description: Disables Transport Layer Security (TLS) 1.1, an updated version of TLS 1.0.
    • Usage: Ensures the server uses TLS 1.2 or later, providing stronger security for data transmissions.

19. Enable TLS 1.3

    • Description: Enables Transport Layer Security (TLS) 1.3, the latest and most secure version.
    • Usage: Ensures the server uses the most advanced and secure TLS protocol.