Project 4-1: Using SSL Server and Client Tests In this project, you will use online tests to determine the security of web servers and your local web browser. 1. Go to www.ssllabs.comm Note It is not unusual for websites to change the location of where files are stored. If the URL above no longer functions, open a search engine and search for "Qualys SSL Server Test". 2. Click Test your server>> 3. Click the first website listed under Recent Best-Rate. Note the grade given for this site. Under Summary note the Overall Rating al the scores for Certificate, Protocol Support, Key Exchange, and Cipher Stren 4. which make up the cipher suite If this site did not receive an Overall Rating of A under Summary, you will se reasons listed. Read through these. Would you agree? Why? ormation. tion . What 6. Scroll down through the document and read through the certificate #1 inf Note the information supplied regarding the digital certificates. Under Ce Paths click Click here to expand if necessary to view the certificate chaining you tell about it? Scroll down to Configuration. Note the list of protocols supported and not su this site was to increase its security, which protocols should it no longer support? Whvo Can 8. Under Cipher Suites interpret the suites listed. Notice that they are given in server-preferred order. In order to increase its security, which cipher suite should be listed first? Why? Under Handshake Simulation select the web browser and operating system that you are using or is similar to what you are using. Read through the capabilities of this client interacting with this web server. Note particularly the order of preference of the cipher suites. Click the browser's back button when finished 9. 10. Scroll to the top of the page, then click Scan Another>>. 11. This time select one of the Recent Worst-Rated sites. As with the previous excellent example, now review the Summary, Authentication, Configuration, Cipher Suites and Handshake Simulation. Would you agree with this site's score? 12. If necessary, return to the SSL Report page and click Scan Another >>. 13. Enter the name of your school or work URL and generate a report. What score did it receive? 14. Review the Summary, Authentication, Configuration, Cipher Suites, and Handshake Simulation. Would you agree with this site's score? ke a list of the top five vulnerabilities that you believe should be addressed in order of priority. If possible, share this with any IT personnel who may be able to take act 16. Click Projects 17. Now test the capabilities of your web browser. Click SSL Client Test. Review the ion. capabilities of your web browser. Print or take a screen capture of this page. 18. Close this web browser 19. Now open a different web browser on this computer or on another computer 20. Return to www.sslabs.com and click Projects and then SSL Client Test to compare uwseris beste? wiy? 21. Close all windows Project 4-1: Using SSL Server and Client Tests In this project, you will use online tests to determine the security of web servers and your local web browser. 1. Go to www.ssllabs.comm Note It is not unusual for websites to change the location of where files are stored. If the URL above no longer functions, open a search engine and search for "Qualys SSL Server Test". 2. Click Test your server>> 3. Click the first website listed under Recent Best-Rate. Note the grade given for this site. Under Summary note the Overall Rating al the scores for Certificate, Protocol Support, Key Exchange, and Cipher Stren 4. which make up the cipher suite If this site did not receive an Overall Rating of A under Summary, you will se reasons listed. Read through these. Would you agree? Why? ormation. tion . What 6. Scroll down through the document and read through the certificate #1 inf Note the information supplied regarding the digital certificates. Under Ce Paths click Click here to expand if necessary to view the certificate chaining you tell about it? Scroll down to Configuration. Note the list of protocols supported and not su this site was to increase its security, which protocols should it no longer support? Whvo Can 8. Under Cipher Suites interpret the suites listed. Notice that they are given in server-preferred order. In order to increase its security, which cipher suite should be listed first? Why? Under Handshake Simulation select the web browser and operating system that you are using or is similar to what you are using. Read through the capabilities of this client interacting with this web server. Note particularly the order of preference of the cipher suites. Click the browser's back button when finished 9. 10. Scroll to the top of the page, then click Scan Another>>. 11. This time select one of the Recent Worst-Rated sites. As with the previous excellent example, now review the Summary, Authentication, Configuration, Cipher Suites and Handshake Simulation. Would you agree with this site's score? 12. If necessary, return to the SSL Report page and click Scan Another >>. 13. Enter the name of your school or work URL and generate a report. What score did it receive? 14. Review the Summary, Authentication, Configuration, Cipher Suites, and Handshake Simulation. Would you agree with this site's score? ke a list of the top five vulnerabilities that you believe should be addressed in order of priority. If possible, share this with any IT personnel who may be able to take act 16. Click Projects 17. Now test the capabilities of your web browser. Click SSL Client Test. Review the ion. capabilities of your web browser. Print or take a screen capture of this page. 18. Close this web browser 19. Now open a different web browser on this computer or on another computer 20. Return to www.sslabs.com and click Projects and then SSL Client Test to compare uwseris beste? wiy? 21. Close all windows