Top Threats

NSA Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations 20200105

  • 1.  NSA Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations 20200105

    Posted Jan 07, 2021 08:05:00 AM
    Hi All,

    NSA just published Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations.

    Additional guidance for detecting obsolete TLS traffic, including network signatures, links to helpful tools, and
    sample configurations is available at https://github.com/nsacyber/Mitigating-Obsolete-TLS.

    The National Security Agency (NSA) emphatically recommends replacing obsolete protocol configurations with ones that
    utilize strong encryption and authentication to protect all sensitive information. Over time, new attacks against Transport
    Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols
    are at an elevated risk of exploitation by adversaries.
    Sensitive and valuable data requires strong protections within electronic systems and transmissions. TLS and Secure
    Sockets Layer (SSL) was developed as the protocol to create private, secure channels between a server and client using
    encryption and authentication. While the standards and most products have been updated, implementations often have
    not kept up.
    The accompanying, full-length guidance helps network administrators and security analysts make a plan on how to weed
    out obsolete TLS configurations in the environment by detecting, prioritizing, remediating, and then blocking obsolete TLS
    versions, cipher suites, and finally key exchange methods. This will also help organizations prepare for cryptographic
    agility to always stay ahead of malicious actors' abilities and protect important information.
    Using obsolete encryption provides a false sense of security because it may look as though sensitive data is protected,
    even though it really is not. The NSA previously released urgent guidance indicating obsolete and otherwise weak TLS
    protocol implementations were being observed, and threat intelligence stating that "nation-state and sufficiently resourced
    actors are able to exploit these weak communications." However, obsolete TLS configurations are still in use in U.S.
    Government systems. Obsolete configurations provide adversaries access to sensitive operational traffic using a variety of
    techniques, such as passive decryption and modification of traffic through man-in-the-middle attacks

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------