Transport Security

Written By Dan Crawford

Last updated About 1 month ago

At Praetorian, the confidentiality and integrity of data in transit are of paramount importance. To safeguard sensitive information during communication, we implement the latest advancements in transport security, with a focus on Transport Layer Security (TLS) 1.3. Here's how we ensure secure and reliable communication across our platforms and services:

1. Protocol Upgrades

  • Adopting TLS 1.3: We exclusively use TLS 1.3 for transport security, the latest and most secure version of the TLS protocol. It eliminates outdated features like RSA key exchange and weak ciphers, ensuring a streamlined and robust security posture.

2. Encryption in Transit

  • Perfect Forward Secrecy (PFS): TLS 1.3 mandates ephemeral key exchanges, ensuring that even if a private key is compromised, past sessions remain secure.
  • Secure Ciphers: Only the strongest cipher suites, such as AES-GCM and ChaCha20-Poly1305, are enabled to protect against cryptographic vulnerabilities.

3. Authentication and Trust

  • Strict Certificate Validation: We leverage Certificate Authority Authorization (CAA) DNS records and strict validation practices to ensure certificates are issued only by trusted providers.
  • Mutual TLS (mTLS): For critical internal services, we implement mTLS to ensure both parties in a connection are authenticated, adding an extra layer of security.

4. Performance and Efficiency

  • Reduced Handshake Latency: TLS 1.3’s simplified handshake process decreases connection setup time, enhancing the user experience without compromising security.
  • Zero Round-Trip Time (0-RTT): Where applicable, we utilize 0-RTT for faster reconnections, ensuring efficient performance while mitigating replay attacks with additional safeguards.

5. Compliance and Governance

  • Strong Compliance Standards: Our TLS 1.3 implementation adheres to stringent industry compliance standards, including PCI DSS, GDPR, and SOC 2.
  • Continuous Monitoring: We actively monitor compliance with evolving regulatory requirements to ensure our security posture remains ahead of the curve.

6. Monitoring and Incident Response

  • Real-Time Threat Detection: Integrated monitoring systems detect anomalies in TLS traffic, such as downgrade attempts or suspicious activities.
  • Comprehensive Logging: Detailed logs of TLS handshake and session activities are maintained for auditing and rapid response to potential threats.