Friday, May 2, 2014

NIST Revises Guide to Use of Transport Layer Security (TLS) in Networks




Contact: Chad Boutin
301-975-4261

The National Institute of Standards and Technology (NIST) has released an update to a document that helps computer administrators maintain the security of information traveling across their networks.
The document, NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, updates the original SP 800-52, released in 2005.

Sensitive data—from credit card numbers to patient health information to social networking details—need protection when transmitted across an insecure network, so administrators employ protocols that reduce the risk of that data being intercepted and used maliciously. TLS, a standard specified by the Internet Engineering Task Force, defines the method by which client and server computers establish a secure connection with one another to protect data that is passed back and forth. TLS is used by a wide variety of everyday applications, including email, secure web browsing, instant messaging and voice-over-IP (VoIP).

The Internet Engineering Task Force found vulnerabilities in TLS 1.0, one of the most widely used protocols, and updated it to TLS 1.1 and then TLS 1.2 to resolve many of these security issues. SP 800-52 Rev. 1 offers guidance to administrators on how to use the new versions of TLS in their networks.

"TLS 1.1 and 1.2 offer administrators a great number of options," says NIST computer security expert Andrew Regenscheid. "We make recommendations in SP 800-52 Rev. 1 on how to configure those options, including which algorithms to use and the length of cryptographic keys."
