FAQ-000883 - External Platform Security / TLS and Transportation Security

To protect against transportation layer attacks, you can implement the following security measures: 1. **Use Secure Connections**: Ensure all communication uses HTTPS and SFTP. 2. **Enable TLS Encryption**: Use secure versions of TLS, disable weak ciphers, and generate long encryption keys. 3. **Redirect HTTP to HTTPS**: Redirect incoming HTTP requests to HTTPS to enforce secure connections. 4. **Implement HSTS**: Use HTTP Strict Transport Security (HSTS) to prevent downgrade attacks. 5. **Secure File Transfers**: Use SFTP for file transfers, as it employs encryption algorithms to secure data. These measures help safeguard data in transit and protect against potential attacks.

The FAQ content is accurate and well-structured, addressing the core transportation layer security concepts effectively. No significant changes are needed as the content aligns with security best practices and doesn't conflict with any available security rules. Regarding the related security rules: 1. **ApexInsecureEndpoint**: This rule directly relates to the FAQ's emphasis on using secure connections (HTTPS). The FAQ's first point about ensuring "all communication uses HTTPS" aligns with this rule's purpose of detecting insecure HTTP endpoints in Apex code. 2. **AvoidInsecureHttpRemoteSiteSetting**: This rule connects to the FAQ's transportation layer security focus, specifically the points about using secure connections and redirecting HTTP to HTTPS. The rule helps enforce secure remote site configurations. 3. **AvoidDisableProtocolSecurityRemoteSiteSetting**: This rule supports the FAQ's guidance on TLS encryption and secure connections by preventing the disabling of protocol security in remote site settings. 4. **UseHttpsCallbackUrlConnectedApp**: This rule reinforces the FAQ's emphasis on HTTPS usage, specifically for Connected App callback URLs, which is part of ensuring secure transportation layer communication.