" apache Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘apache’

TLS 1.0 to 1.2 and NIST TLS Cipher Updates: Email Program and Web Browser Compatibility Issues

Thursday, June 7th, 2018

It happens at least every few years: system administrators need to update the security configuration of their servers to keep up with the latest best practices and to close newly found security issues(i.e., via changes to recommended TLS ciphers and protocols).  These updates can be rocky. Change often introduces incompatibilities that prevent certain systems or programs from being able to connect to the updated systems.

TLS Encryption Compatibility

In this article we are going to look at what email program an web browser incompatibilities arise when you migrate from using the “old standard:” TLS v1.0+ and the ciphers recommend by NIST 800-52r1 to using either TLS v1.0+ and the new NIST 800-52r2 ciphers or TLS v1.2+ and the new NIST 800-52r2 ciphers.

Why?

  1. PCI requires that servers that need to be PCI complaint use only TLS v1.1+ (which really means v1.2+) by the end of June, 2018.
  2. NIST 800-52r2 is in draft, but its updated cipher list removes many ciphers from revision 1 that are now considered “weak” and introduces a number of new, better ciphers.  Administrators should be moving towards NIST 800-52r2 cipher support as a best practice.
  3. Organizations that require HIPAA compliance should also follow the NIST guidelines and prepare NIST 800-52r2 support and, where possible, eventually eliminate pre-TLS 1.2 support. See: What level of TLS is required for HIPAA compliance?

Read the rest of this post »

256-bit AES Encryption for SSL and TLS: Maximal Security

Wednesday, February 4th, 2015

SSL and TLS are the workhorses that provide the majority of security in the transmission of data over the Internet today. However, most people do not know that the degree of security and privacy inherent in a “secure” connection of this sort can vary from “almost none” to “really really good … good enough for US government TOP SECRET data”.  The piece which varies and thus provides the variable level of security is the “cipher” or “encryption technique”.  There are a large number of different ciphers — some are very fast and very insecure.  Some are slower and very secure.  Some weak ones (export-grade ciphers) are around from the days when the USA did not permit the export of decent security to other countries.

AES, the Advanced Encryption Standard, is a relatively new encryption technique/cipher that is the successor of DES.  AES was standardized in 2001 after a 5 year review, and is currently one of the most popular algorithms used in symmetric key cryptography (which, for example, is used for the actual data transmission in SSL and TLS).  It is also the “gold standard” encryption technique; many security-conscious organizations actually require that their employees use AES-256 (256-bit AES) for all communications.

This article discusses AES, its role in SSL, which web browsers and email programs support it, how you can make sure that you only use 256-bit AES encryption of all secure communications, and more.

Read the rest of this post »

Reports: Web Site Analytics and Logs at LuxSci

Tuesday, September 11th, 2012

LuxSci captures log files and creates automatic basic web site analytic reports for its web hosting customers.  This article provides an overview of what reports are available, where to access them, and recommendations for getting more advanced web site analytics.

Read the rest of this post »

LUXSCI