I am back, it is day 25.
Trying to stay secure is a constant battle, Go Canucks! You need to be up for it every day, as in IT things can change quickly. When talking to anyone about web services, when the conversation turns to TLS/SSL it gets technical very quickly. It can be a challenge as there are so many parts to it.
Talking technical is okay, but sometimes you need a simple way to measure things.
Someone came up with a system for measuring SSL.
Let us tap into that!
You have been selected for a training course in Citrix ADM. The goal is to provide you with enough information to be actually dangerous when talking to a customer or client. 30 days is a bit of an arbitrary number, but I am prepared to give you 2 minutes of material; can I get 2 minutes of your time?
I have talked about Fleet management, general analytics, security analytics, AI / ML, Stylebooks, Pooled Capacity, instance advisory upgrade, security advisory, Autoscaling, onboarding, RESTful API, CADS self-managed, Service Graph, Web Transaction Analytics, Config Jobs, Network Reporting, SSL Dashboard, RBAC, event handling, config drift, WAF learning, the overview & Gateway insights dashboards and On-Prem vs cloud ADM.
Today is all about A+ SSL ratings.
Honestly, what are you talking about?
A few days ago, I talked about the SSL Dashboard; part of that piece involved some of the specifics about TLS and SSL standards. Naturally, the Dashboard is pretty and the specifics of SSL/TLS can be a dry subject. Today, this piece is about the other way to assess your relative web encryption security.
The A+ is a rating system that tells you how good or bad your security is. Obviously, the better your ‘grade’ the more secure you are.
The browser manufacturers will change their preferred cipher support from time to time as part of the continuous improvement of their software. This is a moving target!
So what? What problem does it solve?
Using ADM you can look at your web service and check a box to get A+. Everyone wants to have a good score!
The scores are:
· A+ - Exceptionally high-quality configuration.
· A - Providing strong commercial security. Scoring 80 or above.
· B - Equates to having sufficient security with modern clients, potentially obsolete security used with older clients, plus the potential for smaller configuration problems occurring. Scoring 65 or above.
· C - This means the configuration is outdated and uses obsolete security methods with modern clients, with the potential for bigger configuration problems occurring. Scoring 50 or above.
Who would be interested in this?
Almost any customer uses NetScaler within their infrastructure to provide an internet-based service. That’s everyone, right?
Let me have an example of its use.
Working with my colleague Ash, we had a conversation with a client. Using a public website, Ash scanned the customer's own public presence. They got a B! We need something to make the process easy for you to get the same.
ADM allows you to see which virtual servers are rated A and which are not, as shown in the SSL rating column below.
I get a B (or worse), how do I sort that out?
Ok, so you have a B, hit the big button marked – Upgrade me!
Is that it? Pretty much.
What else?
It is possible to see what is needed: you can break out the details of what is stopping you from getting an A+, as shown here.
Summary
Improving the security with some easy-to-understand metrics can be a powerful option. This will help you stay on top of your environment. With tools like this, you can save time and ensure that you get back to high-value tasks.
Ultimately, it is another killer feature that is enabled with ADM service.
It is free too.
What’s not to like?