NSA Recommends the Use of TLS 1.2 or TLS 1.3 as Other TLS Versions Prove Obsolete

Topline

Earlier this month, The US National Security Agency (NSA) announced in a security advisory that obsolete versions of the Transport Layer Security (TLS) should be replaced. This guidance was issued for system administrators across federal agencies such as the Department of Defense (DoD), National Security System (NSS), and Defense Industrial Base (DiB).

In the report released on January 5, they were quick to add that “Obsolete configurations provide adversaries access to sensitive operational traffic using a variety of techniques, such as passive decryption and modification of traffic through man-in-the-middle attacks”

The NSA issued guidance against using older protocol versions and ensured that only TLS 1.2 and TLS 1.3 be adopted for security as other versions are now flawed
The NSA issued guidance against using older protocol versions and ensured that only TLS 1.2 and TLS 1.3 be adopted for security as other versions are now flawed
Key Facts
  1. 1

    Secure Socket Layer (SSL) and Transport Layer Security (TLS) are known as the protocol that gives encryption and privacy for authentication and data integrity between two communicating computer applications.

  2. 2

    SSL, TLS 1.0, and TLS 1.1 have now been considered deprecated and systems still relying on these protocols for security can be exposed at any moment.

  3. 3

    In its newly released advisory, the NSA warns that new attacks against TLS protocols are being discovered and organizations should make use of the latest security protocols (TLS 1.2 or TLS 1.3 ).

  4. 4

    The cybersecurity agency in the US also published a list of tools to aid security experts with the task of identifying systems in their network still running on these obsolete protocols.

  5. 5

    The NSA advisory, published on January 5, was echoed on the 19th by the agency's counterpart within the Netherlands, the Dutch National Cyber Security Center.

Details

Delicate and significant information requires solid securities inside electronic frameworks and transmissions. Ensured transmissions utilize a private, secure channel between a server and a client to communicate. Transport Layer Security (TLS) and Secure Sockets Layer 2 (SSL 2.0) were created as conventions to make these ensured channels utilize encryption and overall authentication. Older versions of these protocols are now weak and have depleted in many already existing services and applications online.

Over time, It was discovered that new methods of attacks against TLS and its known algorithms became rampant, and for this reason, the NSA has recommended that only TLS 1.2 and TLS 1.3 should be used, rendering SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 redundant. The agency’s first step was to identify obsolete configurations still in use in government systems across the USA by highlighting clients and servers using the older TLS versions and then make test runs with old cipher codes and weak key exchange methods.

Steps for remediation have also been suggested for security experts and analysts, depending on the organization, network monitoring devices can be set up to give alerts to clients or servers that bargain obsolete TLS or want to use it to block weak TLS traffic. It is also worth mentioning that TLS is dependent on the right use of certificates. The use of compromised, weak, or revoked certificates can lead to attacks even with the protocol properly implemented. The use of this guidance will ensure that cybersecurity experts and government network owners will make informed and improved decisions to reduce their risk exposure and hinder incoming malicious threats.

The agency also added that “Using obsolete encryption provides a false sense of security because it may look as though sensitive data is protected, even though it really is not”.

“This will also help organizations prepare for cryptographic agility to always stay ahead of malicious actors’ abilities and protect important information. Using obsolete encryption provides a false sense of security because it may look as though sensitive data is protected, even though it really is not,” the NSA makes mention.

Supported Protocols and Obsolete Protocols in a nutshell

  • TLS 1.2 (Supported)
  • TLS 1.3 (Supported)
  • TLS 1.0 (Not Supported)
  • TLS 1.1 (Not Supported)
  • SSL v2 (Not Supported)
  • SSL v3 (Not Supported)

In other similar news, the Dutch National Cyber Security Centre (NCSC) also provided an update future-proofing the TLS configurations using TLS 1.3, aimed at securing network connections.

Using obsolete encryption provides a false sense of security because it seems as though sensitive data is protected, even though it really is not.
avatar
NSA
The National Security Agency is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (Wikipedia)
Share this news with your followers / Subscribe to our newsletter
AllEbooksFBADSquare.png
Learn Cloud Native Technologies

Learn by doing. Check our discounts!

DevOps-and-Alt-Cloud-350x350.png
DevOps and the Alternative Cloud Research Report

Insights into the capabilities developers expect from cloud infrastructure providers

The DevOps FaunCast.png
Listen to the stories behind the stories and learn new things each week

The DevOps FAUNCast

linode2.jpg
The Cloud Computing Golden Ratio

Discover the golden ratio of price to performance

FAUN.png
The all-in-one cloud security platform for developers

Try Bridgecrew for free!

Content Marketing Platform for Cloud Native Companies
Sponsor The Chief I/O

Get in touch!

AllEbooksFBADSquare.png

Learn Cloud Native Technologies
Learn by doing. Check our discounts!

DevOps-and-Alt-Cloud-350x350.png

DevOps and the Alternative Cloud Research Report
Insights into the capabilities developers expect from cloud infrastructure providers

The DevOps FaunCast.png

Listen to the stories behind the stories and learn new things each week
The DevOps FAUNCast

linode2.jpg

The Cloud Computing Golden Ratio
Discover the golden ratio of price to performance

FAUN.png

The all-in-one cloud security platform for developers
Try Bridgecrew for free!

Content Marketing Platform for Cloud Native Companies

Sponsor The Chief I/O
Get in touch!

Top stories this week
AWS SG rules thumbnail.png

AWS Security Group Rules : small changes, bitter consequences

Making the Most of CloudWatch Log Insights_ 7 Best Practices.jpeg

Making the Most of CloudWatch Log Insights: 7 Best Practices

SRE Leaders Panel: Business Agility is what matters, SRE can help you get there

SRE Leaders Panel: Business Agility is what matters, SRE can help you get there

Top news this week
This program entails delivering compute management in edge locations, education on supporting projects and foundations

Linux Foundation Collaborates With the CNCF to Deliver Free Kubernetes Tutelage

Microsoft Azure users can now scale and manage clusters easily for the first time

Kinvolk, the Flatcar Container Linux developer is Microsoft’s latest acquisition since ZeniMax Media

Heading into 2021, Vitess has strived to create automated sequences running a popular database framework

Vitess 10 Made Generally Available

Free guides & whitepapers
CFX BG.jpg

Leading Healthcare Provider in the US gets real-time visibility with CloudFabrix AIOps 2.0

Istio - This is what you need to know

Istio - This is what you need to know

Kubernetes 101

Kubernetes 101

The Guide To Kubernetes

Kubernetes For The Busy Developer