--- title: "Malicious Encryption Protection" slug: "how-does-wasabi-protect-against-malicious-encryption" updated: 2026-01-09T17:22:13Z published: 2026-01-09T17:22:13Z --- > ## Documentation Index > Fetch the complete documentation index at: https://docs.wasabi.com/llms.txt > Use this file to discover all available pages before exploring further. # Malicious Encryption Protection Wasabi supports the HTTPS protocol that supports [TLS 1.2 and TLS 1.3](https://docs.wasabi.com/docs/what-versions-of-tls-ssl-does-wasabi-support) for encryption during data transmission to and from Wasabi. There are several ways to ensure that you are protected from malicious encryption of your data: > If you use third-party tools to interact with Wasabi, contact the developers to confirm that their tools also support HTTPS with either the TLS 1.2 or TLS 1.3 protocol. - If you require encryption for data at rest, Wasabi supports Advanced Encryption Standard (AES) 256-bit key in compliance with NIST FIPS 197 (“Advanced Encryption Standard”) and NIST-aligned cryptographic practices, and also offers the option of server-side encryption (SSE). The SSE options include SSE-S3 (using AES256 encryption - X-Amz-Server-Side-Encryption: AES256) and [SSE-C](https://docs.wasabi.com/docs/how-does-sse-c-encryption-work-with-wasabi) (customer-based key - X-Amz-Server-Side-Encryption-Customer-Key). You can specify the SSE parameters using your S3 client application when you write objects to the bucket. - You can restrict access to your data using IAM policies that specify the users who can access specific buckets and objects. IAM policies provide a programmatic way to manage S3 permissions for multiple users. - You can sign up for [Wasabi Direct Connect](https://wasabi.com/cloud-object-storage/tools/direct-connect) options to prevent exposure to the public internet when transferring and receiving data. Wasabi Direct Connect and AWS Direct Connect are connectivity options used for high-speed, dedicated connections to the Wasabi service.