07 January 21, 11:18
Quote: The National Security Agency (NSA) is lighting a fire under system administrators who are dragging their feet to replace insecure and outdated Transport Layer Security (TLS) protocol instances.
The agency this week released new guidance and tools to equip companies to update from obsolete older versions of TLS (TLS 1.0 and TLS 1.1) to newer versions of the protocol (TLS 1.2 or TLS 1.3).
TLS (as well as its precursor, Secure Sockets Layer, or SSL) was developed as a protocol aimed to provide a private, secure channel between servers and clients to communicate. However, various new attacks against TLS and the algorithms it uses have been revealed – from Heartbleed to POODLE – rendering the older versions of the protocol insecure.
“The standards and most products have been updated, but implementations often have not kept up,” said the NSA in its guidance this week. “Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries. As a result, all systems should avoid using obsolete configurations for TLS and SSL protocols.”
Read more: https://threatpost.com/nsa-urges-sysadmi...ls/162814/