NSA Recommends the Use of TLS 1.2 or TLS 1.3 as Other TLS Versions Prove Obsolete

TL;DR

Earlier this month, The US National Security Agency (NSA) announced in a security advisory that obsolete versions of the Transport Layer Security (TLS) should be replaced. This guidance was issued for system administrators across federal agencies such as the Department of Defense (DoD), National Security System (NSS), and Defense Industrial Base (DiB).

In the report released on January 5, they were quick to add that “Obsolete configurations provide adversaries access to sensitive operational traffic using a variety of techniques, such as passive decryption and modification of traffic through man-in-the-middle attacks”

The NSA issued guidance against using older protocol versions and ensured that only TLS 1.2 and TLS 1.3 be adopted for security as other versions are now flawed
The NSA issued guidance against using older protocol versions and ensured that only TLS 1.2 and TLS 1.3 be adopted for security as other versions are now flawed
Key Facts
  1. 1

    Secure Socket Layer (SSL) and Transport Layer Security (TLS) are known as the protocol that gives encryption and privacy for authentication and data integrity between two communicating computer applications.

  2. 2

    SSL, TLS 1.0, and TLS 1.1 have now been considered deprecated and systems still relying on these protocols for security can be exposed at any moment.

  3. 3

    In its newly released advisory, the NSA warns that new attacks against TLS protocols are being discovered and organizations should make use of the latest security protocols (TLS 1.2 or TLS 1.3 ).

  4. 4

    The cybersecurity agency in the US also published a list of tools to aid security experts with the task of identifying systems in their network still running on these obsolete protocols.

  5. 5

    The NSA advisory, published on January 5, was echoed on the 19th by the agency's counterpart within the Netherlands, the Dutch National Cyber Security Center.

Details

Delicate and significant information requires solid securities inside electronic frameworks and transmissions. Ensured transmissions utilize a private, secure channel between a server and a client to communicate. Transport Layer Security (TLS) and Secure Sockets Layer 2 (SSL 2.0) were created as conventions to make these ensured channels utilize encryption and overall authentication. Older versions of these protocols are now weak and have depleted in many already existing services and applications online.

Over time, It was discovered that new methods of attacks against TLS and its known algorithms became rampant, and for this reason, the NSA has recommended that only TLS 1.2 and TLS 1.3 should be used, rendering SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 redundant. The agency’s first step was to identify obsolete configurations still in use in government systems across the USA by highlighting clients and servers using the older TLS versions and then make test runs with old cipher codes and weak key exchange methods.

Steps for remediation have also been suggested for security experts and analysts, depending on the organization, network monitoring devices can be set up to give alerts to clients or servers that bargain obsolete TLS or want to use it to block weak TLS traffic. It is also worth mentioning that TLS is dependent on the right use of certificates. The use of compromised, weak, or revoked certificates can lead to attacks even with the protocol properly implemented. The use of this guidance will ensure that cybersecurity experts and government network owners will make informed and improved decisions to reduce their risk exposure and hinder incoming malicious threats.

The agency also added that “Using obsolete encryption provides a false sense of security because it may look as though sensitive data is protected, even though it really is not”.

“This will also help organizations prepare for cryptographic agility to always stay ahead of malicious actors’ abilities and protect important information. Using obsolete encryption provides a false sense of security because it may look as though sensitive data is protected, even though it really is not,” the NSA makes mention.

Supported Protocols and Obsolete Protocols in a nutshell

  • TLS 1.2 (Supported)
  • TLS 1.3 (Supported)
  • TLS 1.0 (Not Supported)
  • TLS 1.1 (Not Supported)
  • SSL v2 (Not Supported)
  • SSL v3 (Not Supported)

In other similar news, the Dutch National Cyber Security Centre (NCSC) also provided an update future-proofing the TLS configurations using TLS 1.3, aimed at securing network connections.

Using obsolete encryption provides a false sense of security because it seems as though sensitive data is protected, even though it really is not.
avatar
NSA
The National Security Agency is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (Wikipedia)

Get similar sotries in your inbox weekly, for free

Is this news interesting? Share it with your followers
AllEbooksFBADSquare.png
Learn Cloud Native Technologies

Learn by doing. Check our discounts!

DevOps-and-Alt-Cloud-350x350.png
DevOps and the Alternative Cloud Research Report

Insights into the capabilities developers expect from cloud infrastructure providers

The DevOps FaunCast.png
Listen to the stories behind the stories and learn new things each week

The DevOps FAUNCast

linode2.jpg
The Cloud Computing Golden Ratio

Discover the golden ratio of price to performance

FAUN.png
The all-in-one cloud security platform for developers

Try Bridgecrew for free!

Content Marketing Platform for Cloud Native Companies
Sponsor The Chief I/O

Get in touch!

AllEbooksFBADSquare.png

Learn Cloud Native Technologies
Learn by doing. Check our discounts!

DevOps-and-Alt-Cloud-350x350.png

DevOps and the Alternative Cloud Research Report
Insights into the capabilities developers expect from cloud infrastructure providers

The DevOps FaunCast.png

Listen to the stories behind the stories and learn new things each week
The DevOps FAUNCast

linode2.jpg

The Cloud Computing Golden Ratio
Discover the golden ratio of price to performance

FAUN.png

The all-in-one cloud security platform for developers
Try Bridgecrew for free!

Content Marketing Platform for Cloud Native Companies

Sponsor The Chief I/O
Get in touch!

Top news this week
OpenAI Codex has a superior understanding of popular coding methods.

Github Copilot: Microsoft's Advanced Investment in Automatic Coding

CodeGuru Reviewer comes in at the beginning of software production, while the latter comes in during operation

Code Quality and Security Ensured With CI/CD Experience for Github Actions

Nvidia expended 80 top drawer AI software A100 graphics card, the DGX A100 to Cambridge-1

NVIDIA Takes AI Initiative With a Supercomputer To Support UK Healthcare

Training and optimizing a machine learning model - a very demanding task, has now become simplified.

IBM Launches Codeflare, An Open Source Machine Learning Workflow Catalyst

The average figure for the number of Kubernetes clusters constantly in production is 2.5%.

Cloud-Native Report 2021 Elucidates Kubernetes Challenges

This new version comes with a bag of new advancements that delivers functions that are not on the old versions.

Kubernetes: Lens 5.0 Delivers Cloud in 4k

With it is a bulky stack of automation tools that support multi-vendor software-based networking.

IBM Launches AI-Powered Automation Software

Free guides & whitepapers
CFX BG.jpg

Leading Healthcare Provider in the US gets real-time visibility with CloudFabrix AIOps 2.0

Istio - This is what you need to know

Istio - This is what you need to know

Kubernetes 101

Kubernetes 101

The Guide To Kubernetes

Kubernetes For The Busy Developer