2019 West: Premier Sea Services Event San Diego

F5 Tech Talk: "Comply with Ghastly Wealth in 10 Mins Using F5's Web Application Firewall On-Prem or in the Cloud!" (Room 7A)

Operation Ghastly Wealth directs DOD Components – all AO Commands and Directorates – to take appropriate security actions on DOD public-facing websites to protect DOD users and the DODIN. Follow along as F5 Networks gives you a hands-on demo of how to meet all of the technical elements of this task order:

  • Eliminate weakly encrypted protocols, ciphers, and certificates.
  • Implement redirection to HTTPS. Redirect all unencrypted HTTP requests to Internet-facing web servers, web services, and reverse web proxies (RWPs) to the encrypted HTTPS protocol.
  • Remove and upgrade outdated web servers and related software. Remove products and components of Internet-facing web servers, web services, web application firewalls (WAF), and reverse web proxies (RWP) that are no longer supported by the vendor, and upgrade to a supported version or an alternate supported product.
  • Utilize commercial publicly trusted certificates. Obtain and use publicly trusted server authentication certificates that are trusted by default in common web browsers for Internet-facing web servers, web services, and reverse web proxies (RWP) that regularly connect to non-DoD personnel and organizations.
  • Implement HTTP Strict Transport Security (HSTS).
  • Implement a Web Application Firewall (WAF).