Are you ready to bid goodbye to SSL 3.0 and early TLS versions?

Has your company moved away from SSL 3.0 and early TLS protocols? Are you still working with e-commerce or online clients who haven’t migrated to a safer, more secure encryption protocol? Well, it is time to bid goodbye to SSL 3.0 and TLS 1.0 soon!

To reduce the risk of breaches, the PCI Security Standards Council has set a deadline of 30th June 2018 for disabling support for SSL 3.0 and TLS 1.0, which will then no longer be able to transmit or receive secure communications. To meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data, all payment processors, merchants, service providers, and other stakeholders are required to implement a more secure encryption protocol: TLS 1.1 or higher must be used, with TLS 1.2 being strongly recommended.

Here are a few answers that help explain why we are bidding goodbye to these protocols:

What is SSL and TLS?

Transport Layer Security (TLS) – and its predecessor, Secure Sockets Layer (SSL), which is now prohibited from use by the Internet Engineering Task Force (IETF) – are cryptographic protocols that provide communications security over a computer network. TLS provides secure communications on the Internet for such things as web browsing, email, Internet faxing, instant messaging, and voice over IP (VoIP). It is used to authenticate one or both systems and protect the confidentiality and integrity of information that passes between systems.

Why is this change taking place?

Ending support for the outdated protocols SSL 3.0 and TLS 1.0 helps to provide clients, and their website visitors, with a higher level of security for their browsing sessions.

What is the risk of using SSL/early TLS?

The widespread POODLE and BEAST exploits are examples of how attackers take advantage of weaknesses in SSL and early TLS, placing organizations at risk of being breached. It is critically important that organizations upgrade to a secure alternative as soon as possible and disable any fallback to both SSL and early TLS.

Who is most prone to SSL/early TLS vulnerabilities?

Online and e-commerce environments using SSL 3.0 and early TLS are most susceptible to SSL exploits. However, the PCI DSS migration deadline applies to all environments, except for payment terminals (POIs).

How will this affect me?

There will be no change other than better security when visiting managed websites. The minority of visitors who are using older browsers or operating systems will need to update their browser to a version that supports TLS 1.2. For example:

  • Google Chrome 30 or higher (version 40 or above is recommended)
  • Mozilla Firefox 27 or higher (version 34 or above is recommended)
  • Internet Explorer 11 or higher
  • Apple Safari 7 or higher (Safari 5 or higher on mobile)
  • Microsoft Edge, all versions
  • Opera 17 or higher (version 27 or above is recommended)

What should organizations do if their ASV scan flags the presence of SSL and the scan fails?

Organizations should provide the Approved Scanning Vendor (ASV) with documented confirmation that they have implemented a Risk Mitigation and Migration Plan and are working to complete their migration before 30th June 2018. Document this confirmation receipt by the ASV as an exception under “Exceptions, False Positives, or Compensating Controls” in the ASV Scan Report Executive Summary.

What should organizations do to protect themselves against SSL 3.0/early TLS vulnerabilities?

Organizations should not delay and should migrate to more secure protocols as soon as possible. Here are a few steps organizations should take:

  • Migrate to a minimum of TLS 1.1, preferably TLS 1.2. The best and most reliable method of protecting your organization against the protocol vulnerabilities is by migrating to a later version of TLS.
  • Patch TLS software against implementation vulnerabilities. Keep TLS software up to date to ensure it is patched against these vulnerabilities and has countermeasures for other attacks.
  • Configure TLS securely. Ensure that secure TLS cipher suites and key sizes are supported and disable support for other cipher suites that are not necessary for interoperability.
  • Use PCI SSC resources. Visit the PCI SSC website for resources that can help with SSL/early TLS migration.
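
One way to check the migration and "Configure TLS securely" steps above against a web server configuration, as an added example that is not part of the original article. It assumes an nginx server and its `ssl_protocols` directive; the function name, the sample configuration and the host names are constructed for illustration.

```python
import re

# Status of each nginx ssl_protocols token under this page's guidance.
# SSLv2 and TLSv1.3 are not named on the page; they are classified here as
# older than SSL 3.0 and newer than TLS 1.2 respectively (assumption).
STATUS = {
    "SSLv2": "prohibited", "SSLv3": "prohibited", "TLSv1": "prohibited",
    "TLSv1.1": "minimum", "TLSv1.2": "recommended", "TLSv1.3": "recommended",
}
DIRECTIVE = re.compile(r"^[ \t]*ssl_protocols\s+([^;]*);", re.MULTILINE)

# Constructed sample configuration (not taken from a real deployment).
SAMPLE_CONFIG = """\
server {
    listen 443 ssl;
    server_name shop.example.test;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # legacy fallback still on
}
server {
    listen 443 ssl;
    server_name pay.example.test;
    # ssl_protocols TLSv1;
    ssl_protocols TLSv1.2 TLSv1.3;
}
"""


def audit_ssl_protocols(config_text):
    """Return one finding per active ssl_protocols directive."""
    # Strip comments first so commented-out directives are not audited.
    text = re.sub(r"#.*", "", config_text)
    findings = []
    for match in DIRECTIVE.finditer(text):
        tokens = match.group(1).split()
        prohibited = [t for t in tokens if STATUS.get(t) == "prohibited"]
        unknown = [t for t in tokens if t not in STATUS]
        if prohibited or unknown:
            verdict = "fail"    # SSL/early TLS enabled, or token needs review
        elif "TLSv1.1" in tokens:
            verdict = "warn"    # meets the minimum; TLS 1.2 is preferred
        else:
            verdict = "pass"
        findings.append({"line": text.count("\n", 0, match.start()) + 1,
                         "protocols": tokens, "prohibited": prohibited,
                         "unknown": unknown, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in audit_ssl_protocols(SAMPLE_CONFIG):
        print(finding)
```

A configuration with no `ssl_protocols` directive produces no findings, which means the server is running on its built-in defaults and should be reviewed separately.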

We hope these key questions and answers helped explain why the PCI Security Standards Council has imposed a deadline, how it affects us and our organizations, and what should be done as an organization and at an individual level. So, are you ready to bid adieu to the SSL 3.0 and TLS 1.0 encryption protocols and migrate to a safer, more secure protocol?
