topic NSA Releases Guidance on Eliminating Obsolete TLS in Threats https://community.isc2.org/t5/Threats/NSA-Releases-Guidance-on-Eliminating-Obsolete-TLS/m-p/42178#M223 <P><SPAN>The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete <A href="https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF" target="_blank" rel="noopener">Transport Layer Security (TLS) configurations</A>. Although the guidance is not exactly new, the information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations. What I do like about the guidance is that they offer advice on traffic blocking.</SPAN></P> Wed, 06 Jan 2021 02:46:53 GMT AppDefects 2021-01-06T02:46:53Z NSA Releases Guidance on Eliminating Obsolete TLS https://community.isc2.org/t5/Threats/NSA-Releases-Guidance-on-Eliminating-Obsolete-TLS/m-p/42178#M223 <P><SPAN>The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete <A href="https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF" target="_blank" rel="noopener">Transport Layer Security (TLS) configurations</A>. Although the guidance is not exactly new, the information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations. What I do like about the guidance is that they offer advice on traffic blocking.</SPAN></P> Wed, 06 Jan 2021 02:46:53 GMT https://community.isc2.org/t5/Threats/NSA-Releases-Guidance-on-Eliminating-Obsolete-TLS/m-p/42178#M223 AppDefects 2021-01-06T02:46:53Z Re: NSA Releases Guidance on Eliminating Obsolete TLS https://community.isc2.org/t5/Threats/NSA-Releases-Guidance-on-Eliminating-Obsolete-TLS/m-p/42215#M225 <P>I saw this today as it popped up on the Reddit sysadmin forum. I'll agree that it's one of the better government documents I've seen on the topic. More straightforward with what you should do and lacks the cover pages and other language not needed to mitigate, much more straightforward. Also appreciate the list to many scanners on the github link. There were a few in there I hadn't used and like the results page more than the ones I had been using.</P><P>&nbsp;</P><P>For those not familiar, the best way to implement, in Windows IIS servers at least, is to utilize the <A href="https://www.nartac.com/Products/IISCrypto" target="_blank" rel="noopener">IIS Crypto</A> utility. That will save you from modifying multiple registry keys and makes backing up the original keys easy.</P> Wed, 06 Jan 2021 18:30:16 GMT https://community.isc2.org/t5/Threats/NSA-Releases-Guidance-on-Eliminating-Obsolete-TLS/m-p/42215#M225 ITProJeff 2021-01-06T18:30:16Z