Organizations should be aware of an important update to TLS. TLS 1.2 is the most recent update that builds on top of TLS 1.0 and TLS 1.1 to increase network security. Updating your browsers and operating systems so that they support TLS 1.2 is imperative in order to maintain access to WPA2-Enterprise and onboarding software. Moving away from TLS 1.0 and 1.1 is recommended for a variety of security reasons, not just for WPA2-Enterprise, so we recommend that everyone deprecate the older protocols.
This industry-wide update has been accepted by the PCI Security Standards Council as the next iteration in network security. Most internet browsers have already made the switch, and major brands like Google, Office365, and Slack will transition in early 2020. We recently sent out a notice informing our clients to notify their end users to update their older devices’ operating systems and browsers to ensure that no devices lose network connectivity.
What is TLS?
TLS, or Transport Layer Security, is a network security protocol that protects online communication and data exchange. It’s the foundation for high-quality network authentication like EAP-TLS. First developed in the mid-1990s as SSL (Secure Sockets Layer), it has been occasionally updated to eliminate data theft by patching vulnerabilities.
What If I Don’t Update to TLS 1.2?
Organizations that use WPA2-Enterprise onboarding software need to update their operating systems and browsers to ensure they support TLS 1.2. Otherwise, their browsers will not be able to handle TLS 1.2, and they will be denied access to onboarding software and subsequently to WPA2-Enterprise.
PCI standards require that organizations update their browsers; organizations that do not could face a fine ranging from $5,000 to $500,000. Failure to comply with policy standards could also remove their ability to take credit card payments. TLS 1.2 is now the default for most internet browsers, which can cause problems when attempting to connect to sites that haven’t updated to TLS 1.2.
We have recently informed our customers to ask their end users to update their web browsers and operating systems to mitigate the effects the deprecation of TLS 1.0 and 1.1 will have. The following are the operating systems that do not support TLS 1.2:
- Android 4.3 and below
- macOS 10.6 and below
- iOS 8 and below
- Windows 7 (without TLS 1.2 patch) and below
There are many other security risks caused by sticking to TLS 1.0 or 1.1, so we strongly recommend everyone updates their devices to support TLS 1.2.
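To find affected devices before the cutover, the list above can be applied to the browser user-agent strings that an onboarding portal or web server already logs. The following is an added example, not code from the original article or any vendor product; the function names and sample user agents are constructed for illustration, and because the user agent is client-supplied it should be treated as a hint rather than proof.

```python
import re

# Thresholds transcribed from the list above: highest OS version WITHOUT TLS 1.2.
# iOS is tested before macOS because iOS user agents contain "like Mac OS X".
RULES = [
    ("iOS",     re.compile(r"CPU (?:iPhone )?OS (\d+(?:_\d+)*)"), (8,)),
    ("Android", re.compile(r"Android (\d+(?:\.\d+)*)"),            (4, 3)),
    ("macOS",   re.compile(r"Mac OS X (\d+(?:[._]\d+)*)"),         (10, 6)),
]
WINDOWS = re.compile(r"Windows NT (\d+)\.(\d+)")
WINDOWS_7 = (6, 1)  # Windows 7 reports itself as "Windows NT 6.1"

# Constructed sample input (not real log data).
SAMPLE_USER_AGENTS = [
    "Mozilla/5.0 (Linux; Android 4.2.2; Build/JDQ39) AppleWebKit/537.36",
    "Mozilla/5.0 (iPad; CPU OS 8_4 like Mac OS X) AppleWebKit/600.1.4",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15",
]


def classify(user_agent):
    """Return (os_name, verdict): 'unsupported', 'check-patch', 'ok' or 'unknown'."""
    for name, pattern, limit in RULES:
        m = pattern.search(user_agent)
        if m:
            version = tuple(int(p) for p in re.split(r"[._]", m.group(1)))
            # Compare only as many components as the threshold has (4.3.1 counts as 4.3).
            return name, "unsupported" if version[:len(limit)] <= limit else "ok"
    m = WINDOWS.search(user_agent)
    if m:
        nt = (int(m.group(1)), int(m.group(2)))
        if nt < WINDOWS_7:
            return "Windows", "unsupported"
        # The user agent cannot show whether the TLS 1.2 patch is installed.
        return "Windows", "check-patch" if nt == WINDOWS_7 else "ok"
    return "unknown", "unknown"


def needs_action(user_agents):
    """Return (os_name, verdict) for every device that must be updated or checked."""
    results = (classify(ua) for ua in user_agents)
    return [r for r in results if r[1] in ("unsupported", "check-patch")]


if __name__ == "__main__":
    for os_name, verdict in needs_action(SAMPLE_USER_AGENTS):
        print(f"{os_name}: {verdict}")
```

Devices reported as `check-patch` are Windows 7 machines, where only an inventory or patch-management check can confirm whether the TLS 1.2 patch is present.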
Vulnerabilities in TLS 1.0 and 1.1 in WPA2-Enterprise
TLS 1.1 and previous updates are no longer capable of supporting WPA2-Enterprise networks because of their vulnerabilities to cyber attacks. Because these iterations of TLS have been around for a while, attackers have discovered weak points in the protocols and developed specific attacks to infiltrate the network.
One of these instances is known as POODLE, or Padding Oracle On Downgraded Legacy Encryption. It uses a man-in-the-middle attack to infiltrate an online network channel by disguising itself as a legitimate server. The client is then manipulated into downgrading security to the outdated and vulnerable SSL 3.0 protocol. But POODLE is just one way to exploit TLS vulnerabilities, as there are more dangerous types of attacks.
TLS 1.2 is the Best Practice for Deploying WPA2-Enterprise/802.1x
TLS 1.2 comes with several improvements, mainly patching the vulnerabilities that plague previous iterations. TLS 1.2 improves the available cipher suites, reducing reliance on the block ciphers that have been exploited by attacks like BEAST and the aforementioned POODLE. TLS 1.2 also supports more advanced versions of cryptography and adds TLS extensions and cipher suites.
Updating your browsers and operating systems to TLS 1.2 will ensure that you still have access to WPA2-Enterprise. If you use onboarding software to deploy certificates, the TLS 1.2 update makes sure that devices will stay configured.
Migrating to TLS 1.2 with WPA2-Enterprise
TLS 1.2 is the updated industry standard and every major company has complied. Keeping your current TLS network leaves you at great risk for theft and fines. Internet browsers will have issues connecting to your website and you will be unable to process credit card payments. TLS 1.2 will keep your WPA2-Enterprise network secure.