Maintaining security is essential when we connect to the network, use services or devices. There are many attacks that we can suffer, but there are also many tools that we can take into account to protect ourselves. Do not make mistakes, use updated systems and programs such as antivirus is essential. In this article we echo a guide that the NSA has released to correctly use encryption protocols.
The NSA indicates how to use encryption protocols
Whenever we browse the web, the sites we visit have an encryption protocol to maintain security and prevent user information from being leaked. Now, these protocols are different and not all of them will protect in the same way. Some are outdated and could be exploited.
First they mention the danger of using the risks of exposing confidential data when using an outdated TLS protocol. This would allow the decryption of the traffic via Man-in-The-Middle attacks . Something that, logically, compromises the privacy of users.
In this sense, the NSA recommends that only TLS 1.2 and 1.3 encryption protocols be used and that SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 be avoided. It should be noted that there are still web pages that use this type of protocols considered insecure, despite the fact that some browsers even launch a warning that this page is dangerous.
The NSA indicates that there is a false sense of security when any type of encryption is used, even though it is outdated and may represent a significant threat. Hence the importance of blocking those versions of TLS that are not secure and using encryption and key exchange methods to properly protect network traffic.
Aimed at professionals and users
This security guide is intended for those most responsible for national cybersecurity, but also for any analyst and network administrator. It is designed to guide, to improve security and to allow only strong ciphers that protect properly.
They indicate that there are many risks associated with weak encryption caused by outdated TLS protocols. Hence the importance that anyone should take into account that it is essential to use ciphers that are up to date and do not have any vulnerability.
This guide, as well as tools to use, are available to anyone through GitHub . Therefore, any individual user can take these recommendations into account and it is not only available to companies and cybersecurity managers.
It should be noted that some browsers such as Chrome or Firefox have been progressively withdrawing the older protocols and that they can be a problem. Hence, if we enter a page that has a TLS 1.0 encryption, for example, a message will appear indicating that it is not secure. You can see which TLS version a website uses.
Ultimately, having the latest encryption protocols is essential to maintain security. There are many attacks that we can suffer and it is through browsing one of the common ways that information is leaked. We also leave you a tutorial to maintain privacy when browsing.