Apache is probably the most commonly used web server, and despite there being well-documented guides on how to secure Apache, we come across web server header issues and very poor SSL configurations on a daily basis.
On many vulnerability scans we see SSH being reported as a medium-risk vulnerability due to insecure ciphers and poor configurations. In penetration tests we often find we are able to use SSH once we have a set of user credentials, especially where the service is linked through to a centralised password management solution such as Active Directory.
Originally copied from https://voorburg.home.xs4all.nl/backup.html about 10 years ago. Still good.
Implementing SMB signing should be done with care. An excellent guide to implementing SMB signing can be found on Jose Barreto’s blog.
This vulnerability is caused by an RSA key of less than 2048 bits in length being present. Fixing this is simple.
This vulnerability is caused by an RC4 cipher suite being present in the SSL cipher suite. Fixing this is simple.
This vulnerability is caused by a weak strength cipher being present in the SSL cipher suite. Weak strength is defined within Nessus as any cipher that is less than 64-bit. Fixing this is simple.
Null cipher suites are suites where a zero level of encryption is acceptable. This is totally unacceptable in any environment and should be fixed as soon as possible.
This vulnerability is caused by a medium strength cipher being present in the SSL cipher suite.