Over time we find we encounter the same vulnerabilities and security issues over and over again. In our remediation guides, we detail how to fix these commonly occurring issues.
On many vulnerability scans we see SSH reported as a medium-risk vulnerability due to insecure ciphers and poor configuration. In penetration tests we often find we are able to use SSH once we have a set of user credentials, especially where the service is linked to a centralised password management solution such as Active Directory.
Apache is probably the most common web server in use, and despite there being well-documented guides on how to secure Apache, we come across web server header issues and very poor SSL configurations on a daily basis. To aid remediation, here is Peter Bassill's recommended configuration for the Apache global security file, /etc/apache/conf-enabled/security.conf:
A very common issue seen in vulnerability scan reports and, to an extent, on penetration tests. The risk posed by clickjacking varies by who you
Nessus Summary
Nessus Plugin ID: 42873
CVSS v3.0 Base Score: 5.3
Nessus Description: The remote host supports the use of SSL ciphers that offer medium strength encryption.