Has your company moved away from SSL 3.0 and early TLS protocols? Are you still working with e-commerce or online clients who haven’t migrated to a safer, more secure encryption protocol? Well, it will soon be time to bid goodbye to SSL 3.0 and TLS 1.0!
To reduce the risk of being breached, the PCI Security Standards Council has set a deadline of 30th June 2018 for disabling support for SSL 3.0 and TLS 1.0, which will no longer be able to transmit or receive secure communications. To meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data, all payment processors, merchants, service providers, and other stakeholders are required to implement a more secure encryption protocol: TLS 1.1 or higher must be used, with TLS 1.2 being strongly recommended.
Here are a few answers to help explain why we are bidding goodbye to these protocols:
Transport Layer Security (TLS) – and its predecessor, Secure Sockets Layer (SSL), which is now prohibited from use by the Internet Engineering Task Force (IETF) – are cryptographic protocols that provide communications security over a computer network. TLS provides secure communications on the Internet for such things as web browsing, email, Internet faxing, instant messaging, and voice over IP (VoIP). It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between systems.
Ending support for the outdated protocols SSL 3.0 and TLS 1.0 helps to provide clients, and their website visitors, with a higher level of security for their browsing sessions.
The widespread POODLE and BEAST exploits are examples of how attackers take advantage of weaknesses in SSL and early TLS, placing organizations at risk of being breached. It is critically important that organizations upgrade to a secure alternative as soon as possible and disable any fallback to both SSL and early TLS.
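As an added example (not part of the original article), this Python script checks web-server configuration text for the protocols the deadline prohibits. It assumes the nginx `ssl_protocols` and Apache `SSLProtocol` directives, treats Apache's `all` as every known protocol (worst case), and runs on a constructed sample configuration.

```python
import re

# Policy from the article: SSL and TLS 1.0 must be disabled; TLS 1.1 is the
# minimum and TLS 1.2 is strongly recommended.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
PROHIBITED = {"SSLv2", "SSLv3", "TLSv1"}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)

def enabled_protocols(tokens):
    """Resolve a directive's tokens (+X, -X, X, all) to the enabled set."""
    canon = {p.lower(): p for p in KNOWN}
    enabled = set()
    for tok in tokens:
        remove = tok.startswith("-")
        name = tok.lstrip("+-").lower()
        # Assumption: "all" expands to every known protocol (worst case).
        names = KNOWN if name == "all" else [canon.get(name, name)]
        if remove:
            enabled.difference_update(names)
        else:
            enabled.update(names)
    return enabled

def audit(config_text):
    """Return (line_no, directive, finding) for each non-compliant directive."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        enabled = enabled_protocols(m.group(2).split())
        bad = sorted(enabled & PROHIBITED)
        if bad:
            findings.append((no, m.group(1), "FAIL: enables " + ", ".join(bad)))
        elif not enabled & {"TLSv1.2", "TLSv1.3"}:
            findings.append((no, m.group(1), "WARN: TLS 1.2 or later not enabled"))
    return findings

# Constructed sample: one nginx server block and one Apache virtual host.
SAMPLE = """server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
<VirtualHost *:443>
    SSLProtocol all -SSLv2 -SSLv3
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1
    SSLProtocol TLSv1.1
</VirtualHost>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A configuration check like this complements, but does not replace, an external scan of what the server actually negotiates.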
Online and e-commerce environments using SSL 3.0 and early TLS are most susceptible to the SSL exploits. However, the PCI DSS migration date applies to all environments, except for payment terminals (POIs).
Visitors to managed websites will see no change other than better security. The minority of visitors who are using older browsers or operating systems will have to update their browsers to a version that supports TLS 1.2 to resolve this problem. For example:
Organizations should provide the Approved Scanning Vendor (ASV) with documented confirmation that they have implemented a Risk Mitigation and Migration Plan and are working to complete their migration before 30th June 2018. The ASV documents receipt of this confirmation as an exception under “Exceptions, False Positives, or Compensating Controls” in the ASV Scan Report Executive Summary.
Organizations should not delay and should migrate to more secure protocols as soon as possible. Here are a few steps for organizations to take:
We hope these key questions and answers have helped explain why the PCI Security Standards Council has imposed a deadline, how it affects us and our organizations, and what should be done as an organization and at an individual level. So, are you ready to bid adieu to the SSL 3.0 and TLS 1.0 encryption protocols and migrate to a safer, more secure protocol?