Transit encryption
Definition
Transit encryption refers to the protection of data as it moves between systems, applications, or networks. This is typically achieved using protocols such as TLS (Transport Layer Security) or IPsec, which encrypt data packets to prevent unauthorized access or interception during transmission. Ensuring data is encrypted in transit is a critical component of a comprehensive security strategy, safeguarding sensitive information from eavesdropping and man-in-the-middle attacks.
Secure Settings Example
# Example of a secure TLS configuration in an Nginx server block
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
}
Insecure Settings Example
# Example of an insecure TLS configuration in an Nginx server block
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/ssl/certs/example.com.crt;
ssl_certificate_key /etc/ssl/private/example.com.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1; # Insecure protocols
ssl_ciphers 'RC4:DES:3DES:!aNULL:!eNULL'; # Weak ciphers
ssl_prefer_server_ciphers off;
}