Networks rely on encryption to ensure that data is kept private and cannot be changed while at rest or in transit. In most cases this encryption utilizes certificates, and these certificates in turn rely on encryption protocols such as SSL/TLS.
These encryption protocols are constantly being updated because new weaknesses are found in them. It is important that organizations update the encryption protocols supported by their systems regularly to ensure that encryption cannot be compromised.
The updating of supported encryption protocols is often forgotten or put off. This is because these updates usually require manual configuration changes be performed, and because there is always a fear that removing support for an older protocol may impact a critical process.
It is not uncommon to see many instances of older protocols being supported in the vulnerability scanning reports of an institution, and because these are often ranked as only a “moderate” risk they often do not become a high priority.
Recent guidance from the National Security Agency (NSA) may help institutions in prioritizing the update of these encryption protocols. the NSA guidance includes which protocols are considered secure by today’s standards, as well as links and tips for helping organizations detect where these protocols are in active use.
Finally, the document provides guidance on how to remediate insecure protocols. IT departments of financial institutions are urged to review this documentation and to start the process of detecting and remediating these weaker protocols.
Bedel Security urges institutions that support weaker protocols to take a risk-based approach to remediation, starting with systems that are externally accessible via the Internet. After Internet-facing hosts are addressed, internal systems should be prioritized based on the impact that would result in a disclosure or modification of data on that system. Changes to these protocols should be tested where possible, and closely monitored after implementation in production for any adverse impact.
We help financial institutions like yours across the country to prioritize their information security activities. If you feel like your institution could use some help in this area, please contact us at support@bedelsecurity.com!
Additional Resources:
Is Encryption Making You Less Secure?
https://www.bedelsecurity.com/blog/is-encryption-making-you-less-secure
SolarWinds: 5 Points to Communicate to Your Board
https://www.bedelsecurity.com/blog/solarwinds-5-points-to-communicate-to-your-board
Mitigating Supply Chain Attacks
https://www.bedelsecurity.com/blog/mitigating-supply-chain-attacks
SolarWinds: What do we know so far?
https://www.bedelsecurity.com/blog/solarwinds-what-do-we-know-so-far
Information Security Strategy: 5 Tips for Success
https://www.bedelsecurity.com/blog/information-security-strategy-5-tips-for-success
The Virtual CISO Whitepaper
https://www.bedelsecurity.com/the-virtual-ciso-whitepaper