You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Malware and Vulnerabilities
- NSA Warns about TLS Inspection Risks. Here’s What You Need to Know.

NSA Warns about TLS Inspection Risks. Here’s What You Need to Know.
NSA Warns about TLS Inspection Risks. Here’s What You Need to Know.- November 25, 2019
- |
- Malware and Vulnerabilities
/https://cystory-images.s3.amazonaws.com/shutterstock_179616941.jpg)
- The U.S. National Security Agency (NSA) has released an advisory about the dangers of transport layer security inspection.
- The advisory also provides mitigation measures for organizations using the TLSI.
What is the Transport Layer Security Inspection?
Transport Layer Security Inspection (TLSI) or TLS break and inspect, is a security measure that involves decrypting traffic, inspecting decrypted content, and encrypting the traffic again before it enters or leaves the network.
This process involves proxy devices, firewalls, and intrusion detection or prevention systems (IDS/IPS).
Risks involved with TLSI
Although TLSI is useful for monitoring potential threats, it also brings with it multiple risk factors.
- The primary risk involved is the exploitation of a certification authority to issue unauthorized certificates. This can allow the deployment of malicious services or allow malicious code to bypass intrusion detection or prevention systems.
- Bad actors may focus their efforts on targeting the specific device where traffic they need is decrypted.
- TLSI improves insider threat risks, especially in the case of those employees directly managing the implementation of TLSI.
Apart from this, certain countries have laws governing TLSI capabilities in enterprises. Before implementing TLSI, organizations must be aware of the requirements and compliances mandated by law.
What does the advisory say?
The advisory begins by exploring what TLSI is and goes on to describe the several risks associated. Apart from this, it also provides mitigation measures enterprises can take to prevent these risks.
“To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network. Redundant TLSI, wherein a client-server traffic flow is decrypted, inspected, and re-encrypted by one forward proxy and is then forwarded to a second forward proxy for more of the same, should not be performed,” reads the advisory.
- + Aware
Get such articles in your inbox
News
-
Previous News Cryptocoin Scams: What You Must Know to Stay Safe
- November 25, 2019
- |
- Identity Theft, Fraud, Scams
-
Next News Become a Millionaire by Finding Bugs! Google Throws Challenge for Pixel Titan M Exploit
- November 23, 2019
- |
- Security Culture
Popular News
Related News
Categories
Get such articles in your inbox
News
-
Previous News Cryptocoin Scams: What You Must Know to Stay Safe
- November 25, 2019
- |
- Identity Theft, Fraud, Scams
-
Next News Become a Millionaire by Finding Bugs! Google Throws Challenge for Pixel Titan M Exploit
- November 23, 2019
- |
- Security Culture
Popular News
Related News
Categories
