FTD 6.7 maintains your at-risk security policies in a TLS 1.3 world
You’ve been asked to do more with less and to keep the network running securely, 24×7, while helping your organization to adapt and persevere during extraordinary times. Adding to the challenge, network and security teams are discovering that TLS 1.3 is breaking long-standing application control and URL security policies, forcing full decryption of flows where …
TLS
Network Security Efficacy in the Age of Pervasive TLS Encryption
A Reality Check on Firewall Visibility: One question which I love to ask next-generation firewall (NGFW) and intrusion prevention system (IPS) administrators is whether they have seen a gradual decline in their deployments’ security efficacy over the last few years. Most answer this question with a resounding “yes,” and then wonder how I knew. With over 90% of Internet traffic …
Post-Quantum TLS 1.3 and SSH Performance (preliminary results)
Co-author: Dimitrios Sikeridis. Motivation: As brought up on multiple occasions, if a real-world quantum computer was ever built, it could jeopardize public key exchange, encryption, and digital signature schemes used in secure tunnel protocols today like (D)TLS, SSH, IKEv2/IPsec and more. To prepare for a post-quantum future, NIST has embarked on a journey of standardizing …
How New ‘Delegated Credentials’ Boosts TLS Protocol Security
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. In short, the new TLS protocol …
Exim TLS Flaw Opens Email Servers to Remote ‘Root’ Code Execution Attacks
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that …