The National Institute of Standards and Technology has announced an update to a document that helps computer administrators maintain the security of information traveling across their networks.
The document, NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security Implementations, updates the original SP 800-52, released in 2005.
TLS, a standard specified by the Internet Engineering Task Force, defines the method by which client and server computers establish a secure connection with one another to protect data that is passed back and forth. This is also an area related to the Heartbleed OpenSSL bug.
According to NIST, the IETF found vulnerabilities in TLS 1.0, one of the most widely used protocols, and updated it to TLS 1.1 and then TLS 1.2 to resolve many of these security issues.
SP 800-52 Rev. 1 offers guidance to administrators, including recommendations on how to configure options such as which algorithms to use and the length of cryptographic keys, says NIST computer security expert Andrew Regenscheid.