Digital Hygiene Tip From Our SOC: Update Your Cipher Suites and Certificates

PUBLISHED ON January 20, 2022
LAST UPDATED Jan 20, 2022

It’s January, and most of us are hitting the gym, eating salads, and resolving to take better care of our health. This year, we’d encourage you to add “improve digital health.” We’re telling ThreatX customers to make sure their new year’s resolutions include good digital hygiene, such as updating cipher suites and certificates.  

Updating certificates 

It’s a good time to make sure your certificates are not only up to date, but are also part of a mature rotation/change management policy.  

We recommend checking: 

  • Your certificate expiration 
  • Where the keys are backed up
  • That you are following a least-privileged access model, so that only those who need access to certificates have it, and that access is audited

Updating ciphers 

Ensure your systems only accept strong ciphers. If possible, AES-GCM mode should be used rather than AES-CBC. In addition, upgrade to support TLS 1.3: only around 25% of web servers currently support TLS 1.3.

Good TLS 1.3 Ciphers: 

  • TLS_AES_256_GCM_SHA384 
  • TLS_CHACHA20_POLY1305_SHA256 
  • TLS_AES_128_GCM_SHA256

Good TLS 1.2 Ciphers:

  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES256-GCM-SHA384
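As an added example (not the post's own tooling), the following Python script checks one negotiated TLS session against the two checklists above: protocol version, membership in the cipher allowlist, AEAD (GCM/ChaCha20) versus CBC-style suites, and days until the certificate expires. The names `audit_tls` and `probe_endpoint` are chosen here; the probe assumes network access to the host you pass, while `audit_tls` runs offline.

```python
# Added example (not the post's own code): audit a TLS session against the
# guidance above. audit_tls() is pure; probe_endpoint() needs network access.
import socket
import ssl

# Suites the post recommends, spelled the way SSLSocket.cipher() returns them.
ALLOWED_SUITES = {
    "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",  # TLS 1.3
    "TLS_AES_128_GCM_SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",  # TLS 1.2
}
DAY = 86400


def audit_tls(version, cipher, not_after, now, warn_days=30):
    """Return a list of findings (str) for one negotiated session.

    version   -- SSLSocket.version(), e.g. 'TLSv1.3'
    cipher    -- SSLSocket.cipher()[0], e.g. 'TLS_AES_256_GCM_SHA384'
    not_after -- getpeercert()['notAfter'], e.g. 'Feb 15 00:00:00 2022 GMT'
    now       -- current time in seconds since the epoch (UTC)
    """
    findings = []
    if version not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"legacy protocol negotiated: {version}")
    if cipher not in ALLOWED_SUITES:
        findings.append(f"cipher not in allowlist: {cipher}")
    # OpenSSL names omit 'CBC': a suite with no AEAD marker is CBC-style.
    if not any(aead in cipher for aead in ("GCM", "CCM", "CHACHA20")):
        findings.append(f"non-AEAD cipher (AES-CBC or older): {cipher}")
    days_left = (ssl.cert_time_to_seconds(not_after) - now) // DAY
    if days_left < 0:
        findings.append(f"certificate expired {-days_left} days ago")
    elif days_left < warn_days:
        findings.append(f"certificate expires in {days_left} days")
    return findings


def probe_endpoint(host, port=443, timeout=5):
    """Connect with system defaults; return (version, cipher, notAfter)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0], tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    import sys, time
    result = probe_endpoint(sys.argv[1])
    print(*(audit_tls(*result, int(time.time())) or ["no findings"]), sep="\n")
```

A single default-context connection only reports the suite the server preferred for that offer, not everything it still accepts. To confirm your own endpoint refuses CBC suites or TLS 1.0/1.1, repeat the probe with a context restricted to them (`ctx.set_ciphers(...)`, `ctx.maximum_version`) and expect the handshake to fail.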

As with the salads and the treadmill, small changes can prevent a lot of big problems. We’re working with our customers every day to ensure they’re not giving attackers an easy in. We’re going to regularly share more tips, advice, and observations from our experience helping customers secure their APIs and apps in 2022. Stay tuned …  

In the meantime, check out this recent blog post where we shared some tips on reducing your API attack vectors.

About the Author

Neil Weitzel

Neil is the Manager of the ThreatX Security Operations Center and is located in Boston, MA. He has 15 years of experience working in various roles, from user support to leading security programs. Neil has profound experience in security architecture and cybersecurity best practices, which helps him provide valuable insight to security teams. Before ThreatX, Neil worked with organizations such as Cognizant as an Application Security Architect, Cigital (now Synopsys) as their Practice Director of Vulnerability Assessments, and EIQ Networks (now Cygilant) as their Director of Security Research. Neil also served as a Cybersecurity Instructor and delivered numerous Security and Defensive Programming courses to various clients such as NASA and PayPal. He is an active member of the security community and has delivered lectures at DEF CON, OWASP and local security meetups. Neil also acts as an adjunct lecturer on Software Engineering at his alma mater, Indiana University.