Cybersecurity Agencies Recommending Against Obsolete Protocols


Well-known cybersecurity agencies in the United States and the Netherlands have issued recommendations against the use of obsolete TLS protocols that put networks and users at risk.

In early January, the NSA, the main cybersecurity agency in the US, issued an advisory strongly recommending an end to the use of obsolete TLS and SSL protocols. The security advisory urges federal agencies to prevent the use of these protocols and of inadequate configurations.

The NSA argued that “Using obsolete encryption provides a false sense of security because it seems as though sensitive data is protected, even though it really is not.” According to the document, only TLS 1.2 and TLS 1.3 should be used. On the other hand, agencies must stop and prevent the use of TLS 1.0, TLS 1.1, SSL 2.0, and SSL 3.0.

A couple of weeks later, the National Cyber Security Center in the Netherlands published a statement urging public agencies and private organizations to migrate their systems to TLS 1.3.

Better But Not Perfect

While the two cybersecurity agencies are urging both public and private organizations to move to TLS 1.3, the recommendations make clear that these newer protocols aren’t failproof.

The NSA recommends pairing TLS 1.2 and TLS 1.3 with strong, reliable cryptographic parameters and cipher suites. Running a modern protocol with weak encryption methods remains a very serious problem, because it creates liabilities where there shouldn’t be any.

In the security advisory, we can read that “especially weak encryption algorithms in TLS 1.2 are designated as NULL, RC2, RC4, DES, IDEA, and TDES/3DES; cipher suites using these algorithms should not be used.”

To provide some additional help, the NSA also publicly shared a selection of tools for system administrators, with the goal of helping them navigate their networks and identify those systems using obsolete protocols.
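The two lists quoted above (the protocol versions to keep and the weak TLS 1.2 algorithms) can be applied mechanically to a scan inventory. The Python below is an added example, not one of the NSA tools and not code from the original article; the record format (host, negotiated protocol, cipher suite) and the host names are assumptions constructed for illustration.

```python
import re

# Allowed versions and weak algorithms as quoted from the advisory on this page.
ALLOWED = {"TLS 1.2", "TLS 1.3"}
WEAK_TOKEN = re.compile(r"(3DES|DES|RC2|RC4|IDEA|NULL)\d*")  # \d* catches DES40

def normalize_protocol(label):
    """Map scanner spellings ('TLSv1.1', 'sslv3', 'TLS 1.2') to 'TLS 1.1' style."""
    m = re.fullmatch(r"(ssl|tls)\s*v?\s*(\d)(?:\.(\d))?", label.strip().lower())
    if not m:
        raise ValueError(f"unrecognized protocol label: {label!r}")
    family, major, minor = m.groups()
    return f"{family.upper()} {major}.{minor or '0'}"

def weak_algorithm(suite):
    """Return the weak cipher named in an IANA or OpenSSL suite name, or None."""
    tokens = re.split(r"[_-]", suite.upper())
    if "CBC3" in tokens:  # OpenSSL writes 3DES suites as DES-CBC3-SHA
        return "3DES"
    for tok in tokens:
        m = WEAK_TOKEN.fullmatch(tok)
        if m:
            return m.group(1)
    return None

def audit(records):
    """records: (host, protocol, cipher suite) tuples; returns (host, finding) pairs."""
    findings = []
    for host, label, suite in records:
        proto = normalize_protocol(label)
        if proto not in ALLOWED:  # allowlist: anything else is reported
            findings.append((host, f"protocol {proto} is not TLS 1.2 or TLS 1.3"))
        algo = weak_algorithm(suite)
        if algo:
            findings.append((host, f"weak algorithm {algo}"))
    return findings

# Constructed sample inventory (hypothetical hosts, not real scan output).
SAMPLE = [
    ("web-01.example", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    ("plc-gw.example", "TLSv1", "DES-CBC3-SHA"),
    ("mail.example", "TLS 1.2", "TLS_RSA_WITH_RC4_128_SHA"),
    ("hist.example", "SSLv3", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"),
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```

The third record shows the case the advisory singles out: an approved protocol version that is still flagged because of the cipher suite it negotiated.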

The informative piece includes context on how attacks against TLS are continually developing to be more effective against organizations, emphasizing the importance of using the latest protocols to manage that risk.

Web Browsers Leading the Change

These cybersecurity recommendations coming from official sources aren’t the only signs of a fast-paced transition towards more effective TLS protocols.

In 2020, we saw how major web browsers decided to stop supporting websites using TLS 1.0 and TLS 1.1. The reason? Considerable security issues. This decision has effectively forced millions of websites to change to a more secure configuration.

These actions, accompanied by a common message from leading authorities in cybersecurity, should be enough to convince both public and private organizations to move towards and implement safer protocols and configurations. 
