Starting Early

—If your company has long-lived data and is a potential target of harvesting attacks, each day you delay taking action risks allowing attackers to harvest more information to decrypt later. The earlier you take action, the sooner you stop attackers from harvesting data to decrypt in the future.

Leveraging Existing Resources

—When you take your crypto inventory, leverage work you've already done for audits, Zero Trust, network enhancements, and other activities.

Educating Yourself

—Learn about the quantum computing threat, post-quantum cryptography (PQC), technologies and methods to harden your network against quantum attacks, and the new and emerging PQCs that you can use to protect your network. Learn from government mandates, plans, and laws, RFCs, and other information sources.

Follow RFC 6379 for

Suite B Cryptographic Suites for IPsec

to upgrade your VPN connections to tough cipher suites. Use Suite-B-GCM-256 and avoid weaker 128-bit AES algorithms, which are vulnerable to Grover's algorithm.

Upgrade your CA to 4K RSA key sizes to mitigate brute force attacks that can break smaller key sizes.

Migrate your VPN certificate authentication to new certificates with larger key sizes.

Upgrade to higher-bit SHA hash sizes such as SHA-384 and SHA-512. Stop using weak hashes such as MD5 and SHA-1.

Upgrade SSL/TLS connections to tough cipher suites; use TLSv1.3 with Perfect Forward Secrecy (PFS) ciphers.

Tunnel SSL/TLS sessions in hardened, client-to-server VPN sessions.

Configure your Vulnerability Protection profiles to block unsanctioned PQCs for traffic that you don't decrypt. For traffic that you decrypt, use a Decryption profile to block unsanctioned PQCs (the Decryption profile only allows the ciphers that you enable and the firewall blocks all other ciphers). Unsanctioned PQCs might indicate a breach or an internal bad actor attempting to use PQCs to compromise your network. Make exceptions as needed for your internal PEN testing teams.

Implement RFC 8784 to create IKEv2 VPNs that resist quantum attacks.

Don't use IKEv1. IKEv1 is considered to be a weak protocol and doesn't support post-quantum VPNs. If both IKE peers can support it, upgrade your VPN connections to IKEv2 and select

IKEv2 only mode

when you configure the IKE gateways (

Network

Network Profiles

IKE Gateways

General

).

Set the

Negotiation Mode

to

Mandatory

whenever you know both peers support RFC 8784. Using

Mandatory

mode ensures that the VPN resists post-quantum attacks and attackers can't harvest the data now and decrypt it later using a CRQC running Shor's algorithm.

When peering with external devices, try to ascertain whether the peer supports RFC 8784 and work with the other administrator to use the same PQ PPKs for the connection so that you can use

Mandatory

.

Manually specify or automatically generate a that is at least 64 characters (32 bytes, or 256 bits of entropy) in length to create a strong key. You can manually specify or automatically generate a

PPK Secret

that is up to 128 characters (64 bytes, 512 bits of entropy) long. The longer the PPK Secret, the greater the number of entropy bits, which makes the PPK Secret harder to crack.

The number of entropy bits provides half that number of bits of post-quantum security. For example, 256 bits of entropy provides 128 bits of post-quantum security and 512 bits of entropy provides 256 bits of post-quantum security. A minimum of 256 bits of entropy provides the security equivalent to Category 5 as defined in the NIST Post-Quantum Cryptography Call for Proposals. The Security Considerations section of RFC 8784 provides more details about entropy and what amount of entropy is sufficient.

Other best practices for handling PQ PPKs include: