Transport Layer Security (TLS)

Port: N/A (Layer below application)
Type: Transport Layer

Description

TLS (Transport Layer Security) is a cryptographic protocol designed to provide communications security over a computer network. It is the successor to SSL and is used to secure communications over the internet.

Technical Details

  • Provides encryption, authentication, and integrity of data

Security Considerations

TLS 1.2 and 1.3 provide strong security when properly implemented. Proper certificate validation and use of secure cipher suites are essential for security.

Potential Abuse Cases

TLS can be used to hide malicious traffic from network monitoring tools. TLS tunneling can be used to bypass security controls and for command and control communications.

Detection Strategies

Monitor certificate information, cipher suites being used, and SNI values. TLS inspection can be used to decrypt and analyze traffic, though this requires careful implementation.
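The monitoring described above can start from the ClientHello, which carries the offered cipher suites and the SNI value before encryption begins. The following is an added example, not part of the original page: a minimal parser run over a constructed ClientHello record, with `build_sample_client_hello` and `parse_client_hello` as hypothetical helper names.

```python
import struct

def build_sample_client_hello(sni: bytes, suites: list[int]) -> bytes:
    """Constructed test input: a minimal ClientHello record, not captured traffic."""
    name = struct.pack("!BH", 0, len(sni)) + sni            # name_type=host_name
    sni_ext = struct.pack("!H", len(name)) + name           # server_name_list
    exts = struct.pack("!HH", 0x0000, len(sni_ext)) + sni_ext
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body = (b"\x03\x03" + bytes(32) + b"\x00"               # version, random, no session id
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00"  # suites, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body      # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record: bytes) -> dict:
    """Return legacy version, offered cipher suites and SNI from one ClientHello record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake ClientHello")
    data = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    pos = 4                                   # skip handshake type and 3-byte length

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):               # length field points past the buffer
            raise ValueError("truncated ClientHello")
        pos += n
        return data[pos - n:pos]

    version = struct.unpack("!H", take(2))[0]
    take(32)                                  # random
    take(take(1)[0])                          # session id
    cs = take(struct.unpack("!H", take(2))[0])
    suites = [struct.unpack("!H", cs[i:i + 2])[0] for i in range(0, len(cs) - 1, 2)]
    take(take(1)[0])                          # compression methods
    sni = None
    if pos < len(data):                       # extensions are optional
        exts = take(struct.unpack("!H", take(2))[0])
        i = 0
        while i + 4 <= len(exts):
            etype, elen = struct.unpack("!HH", exts[i:i + 4])
            if etype == 0 and elen >= 5:      # server_name extension
                nlen = struct.unpack("!H", exts[i + 7:i + 9])[0]
                sni = exts[i + 9:i + 9 + nlen].decode("ascii", "replace")
            i += 4 + elen
    return {"version": version, "cipher_suites": suites, "sni": sni}
```

The returned fields can be logged per connection and compared against an allow-list of expected SNI values or cipher suites.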

Mitigation Techniques

Enforce use of TLS 1.2 or higher, implement proper certificate validation, use secure cipher suites, and enable TLS inspection where appropriate.
