Server hardening: SSL & TLS connections on Windows Server with IIS Crypto 2.0

Hardening SSL/TLS connections is a very common thing to do on any Windows Server running IIS that uses HTTPS, to ensure your secure connections really are secure.

IIS Crypto 2.0 definitely makes your life easier. Just apply the best practices.

Reference: https://www.nartac.com/Products/IISCrypto

How to Fix Error ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY on Chrome Browser

Overview

The following error occurs when accessing an HTTPS site using Google Chrome:

ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY

Environment

  • IIS 8.0 & above, Windows Server 2016

Resolution

  1. Open the registry editor.
  2. On the server, navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
  3. Create the following entries:

EnableHttp2Tls REG_DWORD 0

EnableHttp2Cleartext REG_DWORD 0

  4. Reboot the server.

CISSP – Certified Information Systems Security Professional (10 Common Body of Knowledge)

CBK 1 – Access Control

Authentication
Centralized Access Control
Models & Techniques

CBK 2 – Telecommunications & Network Security

7 OSI Layers
Firewall
VPN
Attacks

CBK 3 – Information Security Governance & Risk Management

Policies & Risks
Reducing Risks

CBK 4 – Software Development Security

Databases
Development Life Cycle

CBK 5 – Cryptography

Symmetric Cryptography
Asymmetric Cryptography

CBK 6 – Security Architecture and Design

System Evaluation
Security Models
Availability & Integrity

CBK 7 – Security Operations

IDS/IPS
Control Types
Separation of Duties
Backups & Malware

CBK 8 – Business Continuity and Disaster Recovery Planning

Plan B

CBK 9 – Legal, Regulations, Investigations, and Compliance

Evidence
Law
Investigation

CBK 10 – Physical (Environmental) Security

Fire
Physical Controls
Power & Location

To find out which HTTP methods are allowed on a web server:

1. Telnet to the web server on port 80.
2. Type "OPTIONS / HTTP/1.1" and press Enter.
3. Type "Host: website address" and press Enter twice.

E.g.

C:\>telnet www.test.com 80
OPTIONS / HTTP/1.1
Host: www.test.com
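
The same check scripted, as an added example that is not part of the original post: it sends the OPTIONS request from the steps above and reports any verbs in the Allow or Public response headers that fall outside an expected set. The EXPECTED set, the function names and the sample response are assumptions constructed for illustration.

```python
import socket

# Assumption: the verbs this site actually needs; adjust per application.
EXPECTED = {"GET", "HEAD", "POST", "OPTIONS"}

def build_options_request(host):
    """Build the same request the telnet steps type by hand."""
    return ("OPTIONS / HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")

def parse_allowed_methods(raw):
    """Return (status line, set of verbs from Allow/Public headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    methods = set()
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("allow", "public"):
            methods.update(m.strip().upper()
                           for m in value.split(",") if m.strip())
    return lines[0], methods

def unexpected_methods(methods, expected=EXPECTED):
    """Verbs the server advertises that are not in the expected set."""
    return sorted(methods - expected)

def query_server(host, port=80, timeout=5.0):
    """Send the OPTIONS request to a live server and parse the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_options_request(host))
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_allowed_methods(b"".join(chunks))

# Constructed sample response, so the parser can be exercised offline.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    b"Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    status, methods = parse_allowed_methods(SAMPLE_RESPONSE)
    print(status, sorted(methods), "unexpected:", unexpected_methods(methods))
```

A server that answers OPTIONS with an error status and no Allow header yields an empty set, which means the verbs were not advertised, not that they are all blocked.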

Working with UrlScan

http://www.iis.net/learn/extensions/working-with-urlscan

Download: