Transfer Layer Security (TLS): Security Domino Effect
Outdated operating systems (OS) and transfer layer security (TLS) will create security and functionality gaps as third parties disable compatibility.
Staying current on software is critical to keeping current with security. Moreover, as we continue to layer and connect software and systems, maintaining security protocols makes updates more critical because maintaining security across all systems within the environment is reliant on each component being up to date. Such is true about the relationship between your server operating system (OS), your transport layer security (TLS), and endpoint security.
TLS is a cryptographic protocol that secures communication over networks and is configured on your server. As you may guess, the protocol is used in applications for web browsing, email, and instant messaging, as well as your antivirus software. Each version updates against new security threats.
TLS 1.2 has been here for a while (and TLS 1.3 is currently in revision), which means TLS 1.0 and 1.1 are now quite outdated and a growing liability in terms of maintaining security across your environment. Out-of-date protocols may contain security vulnerabilities. Additionally, third parties, like Trend Micro, will stop supporting TLS 1.0 and 1.1. Once out of support, all endpoints using Trend Micro will be required to support TLS 1.2 (see Operating Systems that Cannot Support TLS 1.2 to the right) to function properly. In the case of Trend Micro, backend servers will refuse agent connections using the outdated protocols, which will cause the client synchronization to fail. At that point, the firewall is no longer functioning.
Other Potential TLS Fallout
In addition to antivirus software companies, other third parties are doing their part to maintain security for themselves and their clients. And similarly to Trend Micro, applications are hinging functionality on security-critical updates. These applications include web browsers like Google Chrome, Microsoft Internet Explorer, Microsoft Edge, and Mozilla Firefox, as well as device operating systems like Windows, MAC, and Linux (for a full compatibility list, see GlobalSign’s compatibility tables).
Protect Yourself from Vulnerabilities
At a minimum, upgrade your environment to support TLS 1.2 and maintain a secure configuration. Start by enabling only necessary and secure cipher suites – disable all others. Also, be sure to keep your TLS software up-to-date with regular patching.
Summary: secure your environment by staying current with TLS protocols and operating systems
- You should be operating on TLS 1.2 or later as your server security protocol.
- Using unsupported TLS protocols creates security gaps throughout your technology environment.
- Maintain a secure configuration with only necessary and secure cipher suites, as well as regular patching.
TLS 1.2 is unsupported on…
Server Operating Systems
- Win Home Server Service Pack 2
- Win SBS 2003 Service Pack 2
- Win SBS 2008 Service Pack 1
- Win SBS 2008 Service Pack 2
- Win Server 2003 Dodatek Service Pack 2
- Win Server 2003 R2 Dodatek Service Pack 2
- Win Server 2003 R2 Service Pack 1
- Win Server 2003 R2 Service Pack 2
- Win Server 2003 Service Pack 1
- Win Server 2003 Service Pack 2
- Win Server 2003 Service Pack 3
- Win Server 2008 Service Pack 1 (reported 1.2 support w/ patch)
- Win Server 2008 Service Pack 2 (reported 1.2 support w/ patch)
- Win Vista
- Win Vista Service Pack 1
- Win Vista Service Pack 2
- WinXP Dodatek Service Pack 3
- WinXP Service Pack 2
- WinXP Service Pack 3
- Windows XP
- Windows XP SP3
- Windows Vista
- Windows 8 (partially supported, but fully supported in Windows 8.1)
- MAC OS X 10.2 – 10.8
- Airwatch (partially supported)
- Android versions 1.0 – 4.4.4
- iPhone OS versions 1 – 4
- MobileIron Core versions 9.4 and below
- Windows Phone versions 7, 7.5, 7.8, and 8