• Attack Surface Monitoring
  • Oct 26, 2021
  • By QOMPLX

Attack surface risk signals: TLS/SSL configuration

In this installment of our attack surface risk signals series, we address TLS/SSL certificates.

TLS (Transport Layer Security)/SSL (Secure Sockets Layer) certificates play a critical role in securing enterprise communications by employing public key encryption to secure Internet browser connections, email communications, user authentication and other online transactions. Because of the critical role they play in securing online transactions, TLS/SSL certificates are frequently targeted by sophisticated adversaries as part of offensive cyber operations.

One of the most important things for an enterprise to keep in mind is that properly configured TLS, used with up-to-date certificates, can reduce the risk of Man-in-the-Middle (MITM) attacks, in which an attacker sits between the communicating parties. MITM attacks allow attackers to snoop on encrypted communications and can lead to confidential data exposure.

Certificates used with TLS should use SHA-256 for the hashing algorithm. TLS implementations that use older MD5 and SHA-1 algorithms are vulnerable to attack, as these algorithms have a number of cryptographic weaknesses, and are not trusted by modern browsers. Therefore, it is critical to monitor these certificates and configurations to limit the likelihood of your data being exposed.

Q:SCAN checks TLS/SSL configuration

Q:SCAN checks the TLS/SSL configuration of web services by evaluating the TLS/SSL certificates in use by your organization, including the presence and strength of the cryptography used. Browser validation lets you know if your connection is secure by displaying a lock icon in front of the URL in the web address field. This indicates that your SSL certificate is present and configured correctly on that server. Expired certificates are a common cause of a browser validation response of false.
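The two certificate signals discussed above, a weak signature hash (MD5 or SHA-1) and an expired certificate, can be read directly from a certificate's DER bytes. The following is an added example, not Q:SCAN's or QOMPLX's code; the names `cert_signals`, `read_tlv`, `tlv` and `sample_cert` are hypothetical, and the sample input is a constructed, unsigned certificate skeleton rather than a real certificate.

```python
from datetime import datetime, timezone
# DER-encoded signature-algorithm OIDs mapped to the hash each one uses.
SIG_HASH = {
    "2a864886f70d010104": "md5",     # md5WithRSAEncryption
    "2a864886f70d010105": "sha1",    # sha1WithRSAEncryption
    "2a864886f70d01010b": "sha256",  # sha256WithRSAEncryption
    "2a8648ce3d040302": "sha256",    # ecdsa-with-SHA256
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def cert_signals(der, now=None):
    """Report the signature hash and expiry state of a DER X.509 certificate."""
    now = now or datetime.now(timezone.utc)
    _, cert, _ = read_tlv(der, 0)   # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)   # tbsCertificate SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs):
        tag, value, pos = read_tlv(tbs, pos)
        if tag != 0xA0:             # drop the optional [0] version wrapper
            fields.append(value)
    # fields: serial, signature algorithm, issuer, validity, subject, ...
    _, oid, _ = read_tlv(fields[1], 0)
    _, _, after_pos = read_tlv(fields[3], 0)       # skip notBefore
    tag, raw, _ = read_tlv(fields[3], after_pos)   # notAfter
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime has a 2-digit year: 50-99 is 19xx, 00-49 is 20xx
        text = ("19" if text[:2] >= "50" else "20") + text
    expires = datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    name = SIG_HASH.get(oid.hex(), "unknown")
    return {"hash": name, "weak_hash": name in ("md5", "sha1"),
            "not_after": expires, "expired": expires <= now}

def tlv(tag, body):  # short-form DER encoder, only for the constructed sample
    return bytes([tag, len(body)]) + body

def sample_cert(oid_hex, not_after):  # constructed, unsigned skeleton
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"200101000000Z") + tlv(0x17, not_after))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30, b"") + validity + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

For a live host, the DER input can be obtained with Python's `ssl.get_server_certificate()` followed by `ssl.PEM_cert_to_DER_cert()`.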

Interested in understanding how attackers think about exploiting weaknesses in your attack surface? Check out our on-demand webinar “Cybersecurity from a hacker’s perspective” with 3-time DEF CON speaker, Alejandro Caceres.
