"NSA Releases Guidance on Obsolete Encryption Tools"
The National Security Agency (NSA) released guidance for the Department of Defense, other U.S. federal government agencies, and supporting contractors on the replacement of obsolete Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols used to encrypt network traffic traversing between servers. The use of deprecated forms of TLS or SSL for traffic sessions leave networks vulnerable to decryption and sensitive data exposure. NSA recommends that organizations only use TLS 1.2 or TLS 1.3 versions of the protocol. Organizations are also encouraged to avoid using SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 versions since they are now outdated. The guidance provided by NSA also covers detection strategies that network security analysts can apply to identify the use of obsolete TLS protocols, cipher suites, and more. This article continues to discuss NSA's recommendations concerning the replacement of old TLS and SSL protocols, in addition to past discoveries surrounding threat actors' methods to circumventing TLS encryption or weaponizing the protocol.
BankInfoSecurity "NSA Releases Guidance on Obsolete Encryption Tools"