paulmenzel / mitigating-obsolete-tls

This project forked from nsacyber/mitigating-obsolete-tls


Guidance for mitigating obsolete Transport Layer Security configurations. #nsacyber

License: Other

PowerShell 100.00%

mitigating-obsolete-tls's Introduction

Mitigating Obsolete TLS

This repository lists a number of tools, SNORT signatures, and web server configurations to help network owners detect and remediate the use of obsolete TLS. More information is available in the NSA Cybersecurity Information Sheet (CSI) Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations.

Background

Encryption protocols, such as Transport Layer Security (TLS) and Secure Sockets Layer (SSL), provide data protection as it travels through a network. However, older versions of these protocols become obsolete as technology changes and vulnerabilities surface. Network connections employing obsolete encryption protocols are at an elevated risk of exploitation and decryption. As a result, all systems should detect and remediate the use of deprecated forms of encryption for TLS and SSL protocols.

See the TLS background information page for more information.

TLS Scanning and Configuration Tools

Note that these tools and services are listed as examples, and are not recommended, endorsed, or certified for any use.

Scanning Tools

Comprehensive analysis of servers can be performed by attempting to initiate weak TLS sessions using custom tools and seeing if the server agrees to utilize obsolete cryptography. There are a number of open source tools and commercial services available that can perform active scans to detect non-compliant TLS versions, cipher suites, and key exchanges. The following example tools claim to be able to scan for obsolete cryptography.
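What "the server agrees" looks like on the wire, as an added example that is not part of this repository or of any tool it lists: the server's choice arrives in its ServerHello, so a check can parse that record and flag a selected version below TLS 1.2. The function names, the sample records and the "below TLS 1.2 is obsolete" threshold are assumptions of this example.

```python
import struct

# Wire version codes from the TLS RFCs. Anything below TLS 1.2 is treated as
# obsolete here (assumption of this example, matching the SSL/TLS deprecations).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_server_hello(record: bytes) -> dict:
    """Report the protocol version and cipher suite a server selected."""
    try:
        ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
        body = record[5:5 + rec_len]
        if ctype != 22 or body[0] != 2:  # handshake record, ServerHello message
            raise ValueError("not a ServerHello record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        version = struct.unpack("!H", hello[:2])[0]
        pos = 35 + hello[34]  # skip version (2), random (32), session id
        cipher = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 3  # cipher suite (2) + compression method (1)
        if pos + 2 <= len(hello):  # extensions block is optional before TLS 1.3
            ext_end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= min(ext_end, len(hello)):
                etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
                # TLS 1.3 leaves legacy_version at 0x0303 and carries the real
                # version in the supported_versions extension (type 43).
                if etype == 43 and elen == 2:
                    version = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
                pos += 4 + elen
    except (struct.error, IndexError):
        raise ValueError("truncated ServerHello") from None
    return {"version": VERSIONS.get(version, hex(version)),
            "cipher_suite": f"0x{cipher:04X}", "obsolete": version < 0x0303}

def build_server_hello(version: int, cipher: int, extensions: bytes = b"") -> bytes:
    """Constructed sample input: a minimal ServerHello with an all-zero random."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", cipher, 0)
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake

SAMPLES = {  # constructed records, not captured traffic
    "legacy": build_server_hello(0x0301, 0x002F),
    "tls12": build_server_hello(0x0303, 0xC02F),
    "tls13": build_server_hello(0x0303, 0x1301, struct.pack("!HHH", 43, 2, 0x0304)),
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, parse_server_hello(rec))
```

The TLS 1.3 sample shows why the `legacy_version` field alone is not enough: without reading `supported_versions`, a TLS 1.3 session would be reported as TLS 1.2.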

Configuration Tools

The following example tools can assist, in addition to this repository, in creating server configuration files using compliant TLS versions, cipher suites, and key exchanges.

SNORT Rules

The provided SNORT rules are alerting rules. Investigation for accuracy is required for hits. The rules have been tested, but every system can be configured differently, so ensure that the signature is triggered properly or is adjusted as needed based on the sensors and the environment.

See SNORT rules readme and text files for more information.

Detecting Secure TLS

See SNORT rules for more information.

Secure TLS Web Server Configurations

See web server configuration readme and text files for more information.

License

See LICENSE.

Contributing

See CONTRIBUTING.

Disclaimer

See DISCLAIMER.

mitigating-obsolete-tls's People

Contributors

iadgovuser1, iadgovuser41, iadgovuser47, konstruktoid, iadgovadmin, jtesta, jmtaylor90

Watchers

James Cloos
