Transport Layer SecurityTLS Security (Part I)

I. What is TLS?

Before getting into TLS security, let’s first talk about encryption. It can generally be applied at different levels, from encryption in transit to encryption at rest and end to end encryption. Encryption at rest means that data is stored in an encrypted form to prevent unauthorized access. Think of hard drive encryption. Encryption in transit is the assertion of data that being transmitted is encrypted before the transmission takes place and after reception. And to prevent unauthorized access during the transmission.

TLS is a widely used protocol to secure communication over the internet. TLS was developed to address the weaknesses in SSL and has undergone several revisions over the years. Each of which has introduced new features and improvements to the protocol.

From the TCP/IP model perspective, TLS sits between TCP (transport) and the application layer. Which can be any application layer protocols such as HTTP, SMTP, FTP. TLS is a transparent for the application layer protocol. Which means the application later protocol does not need to know if TLS is implemented or not. Specifically speaking, TLS takes care of all the cryptographic operations, the application layer protocol can operate the same regardless of whether TLS is used or not.

II. TLS Security Misconfiguration

Even though, there are a few attacks tailored to TLS protocol. We will take a look at common TLS misconfiguration in this blog.

Expired Certificates: An expired certificate has passed its expiration date and is no longer valid. This can occur if the certificate is not renewed in time.
Self-signed Certificates: A self-signed certificate is signed by the entity that owns the website rather than by a trusted certificate authority (CA)
Mismatched Certificates: A mismatched certificate does not match the domain name it is associated with. This can occur if the certificate was issued for a different domain name or if it is being used on another website than intended.
Revoked Certificates: A revoked certificate has been canceled by the issuing certificate authority (CA) before its expiration date. This can happen if the certificate was compromised, the certificate was issued to the wrong entity, the certificate signing request (CSR) needed to be verified, or this website has been reported to host malicious content.

SECURITY FEATURES on MacOSX, SHODAN, Firewalls, Data Security

I. What is TLS?

II. TLS Security Misconfiguration

Related Posts

Internal Network Attack Vector Discovery (Part III)

Internal Network Attack Vector Discovery (Part II)

Internal Network Attack Vector Discovery (Part I)

Leave a Reply Cancel reply