Scribd Logo
Upload

Welcome to Scribd!

  • 31 views

    Transport Layer Protection Cheat Sheet

    Uploaded by

    Roman Potapov
    The document discusses recommendations for securing TLS/SSL connections and applications. It provides guidance on server and certificate configuration, including using strong protocols, ciphers, keys, and hashes. It also covers application-level practices like always using TLS, secure cookies, caching, and additional encryption.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Transport Layer Protection Cheat Sheet

    Uploaded by

    Roman Potapov
    31 views6 pages
    The document discusses recommendations for securing TLS/SSL connections and applications. It provides guidance on server and certificate configuration, including using strong protocols, ciphers, keys, and hashes. It also covers application-level practices like always using TLS, secure cookies, caching, and additional encryption.

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses recommendations for securing TLS/SSL connections and applications. It provides guidance on server and certificate configuration, including using strong protocols, ciphers, keys, and hashes. It also covers application-level practices like always using TLS, secure cookies, caching, and additional encryption.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    31 views6 pages

    Transport Layer Protection Cheat Sheet

    Uploaded by

    Roman Potapov
    The document discusses recommendations for securing TLS/SSL connections and applications. It provides guidance on server and certificate configuration, including using strong protocols, ciphers, keys, and hashes. It also covers application-level practices like always using TLS, secure cookies, caching, and additional encryption.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 6

    Transport Layer Protection Cheat Sheet

    When correctly implemented, TLS can provides a number of security benefits:


     Confidentiality - protection against an attacker from reading the contents of traffic.
     Integrity - protection against an attacker modifying traffic.
     Replay prevention - protection against an attacker replaying requests against the server.
     Authentication - allowing the client to verify that they are connected to the real server
    (note that the identity of the client is not verified unless client certificates are used).

    SSL vs TLS

    Server Configuration
    Only Support Strong Protocols
    General purpose web applications should default to TLS 1.3 (support TLS 1.2 if
    necessary) with all other protocols disabled.

    Only Support Strong Ciphers


    In TLS 1.3, many legacy algorithms that were supported in early versions of TLS have been dropped
    in an effort to make the protocol more secure.[9] In addition, all encryption and authentication
    algorithms are combined in the authenticated encryption with associated data (AEAD) encryption
    algorithm. Also a hash algorithm must now be used in HMAC-based key derivation (HKDF).[10] All
    non-AEAD ciphers have been removed due to possible weaknesses or vulnerabilities and ciphers
    must use an ephemeral key exchange algorithm so that new key pairs are generated for every
    exchange.[11]

    GCM ciphers should be enabled

    At a minimum, the following types of ciphers should always be disabled:

     Null ciphers
     Anonymous ciphers
     EXPORT ciphers

    Use Strong Diffie-Hellman Parameters


    sufficiently secure Diffie-Hellman parameters (at least 2048 bits) should be used
    Disable Compression
    TLS compression should be disabled in order to protect against a vulnerability
    (nicknamed CRIME) which could potentially allow sensitive information such as session
    cookies to be recovered by an attacker.

    Patch Cryptographic Libraries


    ensure that these libraries are kept up to date with the latest security patches.

    Test the Server Configuration


    Once the server has been hardened, the configuration should be tested.

    Certificates
    Use Strong Keys and Protect Them
    The private key used to generate the cipher key must be sufficiently strong for the
    anticipated lifetime of the private key and corresponding certificate. The current best
    practice is to select a key size of at least 2048 bits.
    The private key should also be protected from unauthorized access using filesystem
    permissions and other technical and administrative controls.

    Use Strong Cryptographic Hashing Algorithms¶


    Certificates should use SHA-256 for the hashing algorithm, rather than the older MD5
    and SHA-1 algorithms. These have a number of cryptographic weaknesses, and are not
    trusted by modern browsers.

    Use Correct Domain Names


    The domain name (or subject) of the certificate must match the fully qualified name of
    the server that presents the certificate.

     Do not include internal domain names on externally facing certificates.


     If a server is accessible using both internal and external FQDNs,
    configure it with multiple certificates.
    Carefully Consider the use of Wildcard Certificates
    Wildcard certificates can be convenient, however they violate the principal of least
    privilege, as a single certificate is valid for all subdomains of a domain (such as
    *.example.org).
    Only use wildcard certificates where there is a genuine need
    Never use a wildcard certificates for systems at different trust levels
    Consider the use of a reverse proxy server which performs TLS termination
    A list of all systems sharing a certificate should be maintained
    Limit the scope of a wildcard certificate by issuing it for a subdomain.

    Use an Appropriate Certification Authority for the Application's User


    Base
    In order to be trusted by users, certificates must be signed by a trusted certificate
    authority (CA). For Internet facing applications, this should be one of the CAs which are
    well-known and automatically trusted by operating systems and browsers.

    Use CAA Records to Restrict Which CAs can Issue Certificates


    Certification Authority Authorization (CAA) DNS records can be used to define which
    CAs are permitted to issue certificates for a domain.

    Always Provide All Needed Certificates


    In order to validate the authenticity of a certificate, the user's browser must examine the
    certificate that was used to sign it and compare it to the list of CAs trusted by their
    system.

    Consider the use of Extended Validation Certificates


    Extended validation (EV) certificates claim to provide a higher level of verification of the
    entity, as they perform checks that the requestor is a legitimate legal entity, rather than
    just verifying the ownership of the domain name like normal (or "Domain Validated")
    certificates.

    Application
    Use TLS For All Pages

    Do Not Mix TLS and Non-TLS Content


    Modern browsers will also block attempts to load active content over unencrypted HTTP
    into secure pages.

    Use the "Secure" Cookie Flag


    All cookies should be marked with the "Secure" attribute, which instructs the browser to
    only send them over encrypted HTTPS connections, in order to prevent them from being
    sniffed from an unencrypted HTTP connection.

    Prevent Caching of Sensitive Data


    Where sensitive data is returned in responses, HTTP headers should be used to instruct
    the browser and any proxy servers not to cache the information, in order to prevent it
    being stored or returned to other users.
    Cache-Control: no-cache, no-store, must-revalidate
    Pragma: no-cache
    Expires: 0

    Use HTTP Strict Transport Security¶

    Consider the use of Client-Side Certificates¶

    Client certificates are rarely used on public systems due to a number of issues:

     Issuing and managing client certificates introduces significant administrative


    overheads.
     Non-technical users may struggle to install client certificates.
     TLS decryption used by many organizations will cause client certificate
    authentication to fail.

    However, they should be considered for high-value applications or APIs, especially


    where there are a small number of technically sophisticated users, or where all users are
    part of the same organization.
    Consider Using Public Key Pinning
    Public key pinning can be used to provides assurance that the server's certificate is not
    only valid and trusted, but also that it matches the certificate expected for the server.
    public key pinning can still provide security benefits for mobile applications, thick clients
    and server-to-server communication.

    Application Level Encryption

    Application-level encryption keeps data encrypted as long as you choose—up to a fully


    end-to-end encrypted lifecycle, significantly decreasing attack surface on sensitive data,
    whereas TLS only protects you from eavesdropping between servers

     Application-level encryption (ALE) means encrypting data within the application,


    and not depending on the underlying transport and/or at-rest encryption.

     Encryption is easy, key management is hard—any encryption process requires key


    management infrastructure and several additional supporting processes, which
    should be aligned with your systems architecture, FRs, and NFRs.

     ALE can be implemented in various ways to address different security


    requirements—from end-to-end encryption and zero trust architectures to partial
    field-level database encryption.

     The encryption subsystem works better when integrated with others to form
    defense-in-depth: with access control, logging, intrusion detection, request
    authentication, and data leakage prevention.

     ALE protects from more risks than transport and at-rest encryption, but at the
    cost of tradeoffs. Some of them (for example, searching encrypted data) have
    been addressed with understandable tradeoffs, some are unique and need to be
    considered separately.

     Store passwords using strong adaptive and salted hashing functions with a work
    factor (delay factor), such as Argon2, scrypt, bcrypt or PBKDF2.

     Always use authenticated encryption instead of just encryption.


    Since encrypting/decrypting requires access to cryptographic keys, the choice where to
    encrypt/decrypt has to be based on security assumptions:
    1. Encryption library inside the application: If an end-user is a single trusted
    entity within a system (as in end-to-end encrypted, zero-trust systems), keys
    should be stored near the user, and encryption/decryption should happen in a
    client application, preferably within the same component. This way you can
    protect long-lived credentials (cryptographic keys) with passwords, pins, and
    biometry, which are provided by the user only to decrypt cryptographic keys.
    Examples of such libraries are libsodium, themis, gocrypto, Google Tink.

    For complex data flows, end-to-end encryption is quite hard, as a lot of parties access
    sensitive data differently, while integrating encryption with other tooling. Obvious
    choices would be to package encryption into:
    2. API service: adding a component that has access to the keys and can perform
    encryption, decryption, and other security functions.
    3. Proxy service: adding a proxy between application and datastore, which will
    detect and encrypt/decrypt the data. It can be a straight reverse proxy, or a DAO-
    like service, which owns and simplifies access while performing security
    operations.
    In cases 2 and 3, sensitive computations and keys are separate from the application.
    Segregating them from the main codebase has several benefits—it’s easier to monitor,
    update, and maintain the encryption subsystem. There is a vast set of choices of tools
    for application-level encryption—you can use Hashicorp’s Vault in Encryption API
    mode, Cossack Labs’ Acra in API, and Proxy modes among open-source tools available.

    You might also like