The National Security Agency (NSA) has warned about risks posed by obsolete encryption protocols and offered a cybersecurity information sheet for identifying and replacing outdated Transport Layer Security or Secure Sockets Layer configurations that could be used for decryption and exploitation of sensitive data.
The cybersecurity guidance, titled "Eliminating Obsolete TLS Protocol Configurations", is put together to assist network administrators and security analysts within the National Security System, Department of Defense and defense industrial base in detecting, prioritizing and remediating legacy protocol configurations and then blocking said network vulnerabilities, NSA said Tuesday.
NSS TLS protocols are required by a Committee on National Security Systems policy to comply with specified algorithm standards.
NSA said addressing obsolete encryption is needed to ensure that private data is not exploited and that computer system and network attack surfaces are minimal.
Aside from the cybersecurity paper, the agency also announced the availability of information about network signatures, sample configurations and links to more tools and resources at the NSA Cybersecurity Github site.