Detecting security issues in encryption protocols

If encryption protocols (such as SSL/TLS or SSH) are being used in an industrial network, Kaspersky Industrial CyberSecurity for Networks can detect various security issues in network interactions using these protocols. The application registers the appropriate event when detecting a security issue. The system event type for the detection of system commands is used to register these events.

The application registers events when it detects the following security issues in an encryption protocol:

• Use of an outdated version of an encryption protocol (DEPRECATED PROTOCOL VERSION).
• Use of a weak encryption algorithm (WEAK CIPHER TYPE).
• Use of an expired certificate (OUTDATED CERTIFICATE).
• Use of a self-signed certificate (SELF-SIGNED CERTIFICATE).

The list of detected security issues depends on the specific encryption protocol.

After installation, the application uses the original protocol processing modules that support a limited number of encryption protocols. You can update protocol processing modules by installing updates.

You do not need to add Process Control settings for devices to detect security issues in encryption protocols. The application analyzes the encryption protocols in all detected interactions.

To register security issue detection events, the following conditions must be met:

• Interaction Control is enabled in monitoring mode and Command Control technology is applied.
• The allow rules table does not contain any rules for Command Control technology that block the registration of events regarding security issues in encryption protocols. For example, the application may automatically create these rules in Interaction Control learning mode. If these rules are present in the allow rules table, you are advised to disable them.