Internet Security

CIS benchmarks and system hardening

CIS benchmarks and system hardening

These days system hardening is one area Infosec professionals give more importance. But how will we evaluate that our system configurations are good enough.  This is where CIS security benchmarks can help you. CIS (Center of Internet Security) is an independent organization that constantly reviews system configuration setting across multiple vendors.

CIS benchmarks division was formed in October 2000, and it is a not for profit consortium of users, security consultants, and vendors of security software (members).   They focused on enhancing the cyber security readiness and response of public and private sector entities. Through consensus, the CIS Security Benchmarks division provides frameworks to help organizations bolster their security.

According to CIS website, they define the program as below

Google to Disable Weak SSLv3 and RC4 Protocols to Boost Internet Security

It is finally time to say GoodBye to the old and insecure Web security protocols.


Citing the long history of weaknesses in the Secure Sockets Layer (SSL) 3.0 cryptographic protocol and the RC4 Cipher Suite, Google plans to disable support for both SSLv3 as well as RC4 stream cipher in its front-end servers.

While announcing on its official blog, the Search Engine giant said the company is looking to put away SSLv3 and RC4 in all of its front-end servers, and eventually, in all its software including Chrome, Android, Web crawlers, and email servers.


The move by Google came as no surprise, considering the fact that both RC4 and SSLv3 have been deemed unsecure by the Internet Engineering Task Force (IETF).


Subscribe to RSS - Internet Security