SSL/TLS Trends, Practices, and Futures. Brian A. McHenry, Security Solutions

Transcription

1 SSL/LS rends, ractices, and Futures Brian A. McHenry, Security Solutions

2 Who is this guy? F5 Networks, Inc. 2

3 Agenda 1. Global SSL Encryption rends and Drivers 2. A Few Best ractices 3. Solutions 4. What s Next? F5 Networks, Inc. 3

4 Gartner Says Worldwide Information Security Spending Will Grow Almost 8 ercent in 2014 Worldwide spending on information security will reach $71.1 billion in 2014 Data loss prevention segment recording the fastest growth at 18.9 percent, By 2015, roughly 10% of overall I security enterprise product capabilities will be delivered in the cloud Regulatory pressure will increase in Western Europe and Asia/acific from 2014 F5 Networks, Inc. 4

5 rajectory and Growth of Encryption SSL growing ~30% annually. Entering the Fifth wave of transition (IoE) 3.5 MARKE AMLIFIERS Customer rends: Millions of Certificates (CA) E-Commerce rivacy Mobility S n o w d e n IoE FS/ECC Demanded SSL Labs Application Scoring Emerging Standards: LS 1.3, H 2.0/SDY RSA -> ECC 0.5 hought Leaders and Influence: 0.0 Source: Netcraft Years Google: SHA2, SDY, Search Ranking by Encryption Microsoft: FS Mandated F5 Networks, Inc. 5

6 imeline of SSL Vulnerabilities & Attacks August 2009 Insecure renegotiation vulnerability exposes all SSL stacks to DoS attack RFC 5746 LS extension for secure renegotiation quickly mainstreamed BEAS & CRIME Client-side or MIB attacks leveraging a chosen-plaintext flaw in LS 1.0 and LS compression flaws Lucky 13 Another timing attack. RC4 Attacks Weakness in CBC cipher making plaintext guessing possible IME A refinement and variation of CRIME Heartbleed he end of the Internet as we know it! August 2009 February 2010 September 2011 February 2013 March 2013 March 2013 April 2014 F5 Networks, Inc. 6

7 he hree illars of SSL Everywhere SSL Intelligence and Visibility (Full roxy) Market Leading Encryption: Optimized SSL in Hardware and Software Cipher Diversity (RSA, ECC, DSA) SSL Visibility: roxy SSL & Forward roxy SSL raffic Intelligence: HSS, H 2.0/ SDY, OCS Stapling, LS Server Session icket Enterprise key & Certificate Management Fully Automated Key and Certificate Management: For all BIG-I platforms For all vendor platforms 3 rd arty Integration for best-in-class key encryption: Venafi, Symantec/ VeriSign KI Supported Environments Hardware Security Modules Advance HSM Support: Highest erforming HSM options Virtualized low-bandwidth options Market Leading HSM Vendor Support F5 Networks, Inc. 7

8 Data rotection: Microsoft and Google Expands Encryption F5 Networks, Inc. 8

9 If You hought Encryption was confusing ECC, FS and Curves Not all curves are considered equal Different Authorities: US NIS (US National Institute of Standards) with (recently superseded in 2009 by the new186-3) US ANSI (American National Standard Institute) with X9.62 US NSA (National Security Agency) Suite-B Cryptography for O SECRE information exchange International SACG (Standards for efficient cryptography group) with Recommended Elliptic Curve Domain arameters German ECC Brainpool withecc Brainpool with their Strict Security Requirements ECC Interoperability Forum composed by Certicom, Microsoft, Redhat, Sun, NSA F5 Networks, Inc. 9

10 If You hought Encryption was confusing ECC, FS and Curves Not all curves are considered equal Different Names: Secp246r1, rime256v1, NIS -256 Different Kinds of Curves: ECC over rime Field (Elliptic Curve) ECC over Binary Field (Koblitz Curve) Other Curves: Curve25519 (Google) Mumford (Microsoft) Brainpool F5 Networks, Inc. 10

11 HSM Evolution he Convergence Data in Motion ADC (BIG-I) CI CARDS Data at Rest ALICAION SERVERS CI CARDS II IoE NEWORK HSM Development Manufacturing ecommerce DB HYBRID HSM F5 Networks, Inc. 11

12 Some SSL Best ractices

13 SSL: Not Just for Security Google has begun adjusting page rank based on SSL implementations F5 customers have third-party/b2b requirements for strong encryption SSL Labs ulse tool has made testing easy Users and businesses are choosing services based on ulse grades F5 Networks, Inc. 13

14 Achieving A+ Grades on SSLLabs.com Set the option for Secure Renegotiation to Require Disable SSLv2 and SSLv3 (DEFAUL in 11.5+) Use an explicit, strong cipher string, such as: NAIVE:!SSLv3:!LSv1:!EXOR:!DH:!MD5:!RC4:RSA+AES:RSA refer erfect Forward Secrecy (FS) Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above Enable H Strict ransport Security (HSS) irule in pre-badger versions of MOS Integrated into H profile in next release F5 Networks, Inc. 14

15 F5 Networks, Inc. 15

16 What & When Feature MOS ECC FS SHA256 (SHA2) 10.x SDY H 2.0* HSS irules/12.0 Network HSM* Onboard HSM Y SNI Hybrid Certificates (ECC & RSA)* F5 Networks, Inc. 16

17 A eek Under the Hood

18 Full roxy Security Client / Server Client / Server Web application Application health monitoring and performance anomaly detection Web application ASM Application H proxy, H DDoS and application security Application SWG roxy SSL (Visibility) Session SSL inspection and SSL DDoS mitigation Session SSL Forward roxy (Visibility) Network L4 Firewall: Full stateful policy enforcement and C DDoS mitigation Network hysical hysical F5 Networks, Inc. 18

19 FS, ECC and SSL Visibility roxy SSL/ Split SSL SSL Forward roxy SSL Offload (Classic) Supported KeyExchange RSA RSA ECDHE-RSA EDH-RSA Full Support Un-Supported KeyExchange ECDHE-RSA ECDHE-ECDSA ECDH-ECDSA EDH-RSA DHE-DSS ECDHE-ECDSA ECDH-ECDSA DHE-DSS F5 Networks, Inc. 19

20 BIG-I Architecture roxy Chain Intelligent Full roxy Benefits Clients Data Center App point of delivery & definition BIG-I latform App Intelligence - layer 3-7 visibility Distinct client / server control Unified services / context Interoperability and gateway functions C S S L roxy Chain H R O X Y H S S L C HUD chains are a series of filters which implement the configuration. he HUD chain is divided into two halves, client and server side. Filters on HUD chains usually are arranged as client/server pairs. he two halves are joined by the proxy. F5 Networks, Inc. 20

21 BIG-I Architecture SSL ermination Intelligent Full roxy Benefits Clients Data Center App point of delivery & definition BIG-I latform App Intelligence - layer 3-7 visibility Distinct client / server control Unified services / context Interoperability and gateway functions C S S L roxy Chain H R O X Y H S S L C Each SSL filter handles connection to device on their side of the proxy. Normally, the two SSL filters operate completely independently. Between the two filters, all data is available unencrypted. o fully offload the backend server, remove the server side SSL filter. F5 Networks, Inc. 21

22 BIG-I Architecture roxy SSL Intelligent Full roxy Benefits Clients Data Center BIG-I latform Allows server to perform client cert auth L7 content inspection after handshake Certificate transparent to end user C S S L roxy Chain H R O X Y H S S L C roxy SSL allows the client certificate to be presented to the server. Intermediary filters are disabled. SSL filters operate in monitor mode during the handshake. ost-handshake, SSL enables decryption and other filters. F5 Networks, Inc. 22

23 BIG-I Architecture Forward SSL Forward SSL roxy Benefits Clients Data Center Inspect secure traffic at network edge ransparent to the end user olicy based bypass by: Source I Address Destination I Address Host Name (SAN,CN,SNI) C S S L BIG-I latform roxy Chain H R O X Y H S S L C Forward SSL is used in Forward roxy deployments. Just in time certificate creation is used to decrypt SSL connections. Enables policy based inspection of secure content. Requires the ability to create trusted certificates to work. F5 Networks, Inc. 23

24 What s Next?

25 New Feature: H Strict ransport Security RFC 6797 HSS is enabled by the Strict-ransport-Security H header e.g.: Strict-ransport-Security: max-age= ; includesubdomains; preload When received, browsers will: Automatically convert H references to HS references Disallow certificate exemptions (self-signed, etc.) Cache HSS information and reuse stored values for new sessions AVAILABLE IN 12.0 F5 Networks, Inc. 25

26 H Strict ransport Security Configuration H rofile Screen F5 Networks, Inc. 26

27 External Remote Crypto Offload Configuration Client Crypto Offload Settings Server Crypto Offload Settings F5 Networks, Inc. 27

28 New Feature: OCS Stapling A Quick rimer on Certificate Revocation If a SSL certificate is stolen or compromised, sites need a way to revoke the certificate so it will no longer be trusted. Revocation is handled by either CRL or OCS. CRL: Certificate Revocation List he browser retrieves the list of all revoked certificates from the CA. he browser then parses the whole list looking for the certificate in question. OCS: Online Certificate Status rotocol he browser sends the certificate to the CA for validation. he CA responds that the certificate is good, revoked, or unknown. OCS is more efficient than CRL, but there s room for improvement! AVAILABLE IN 11.6 F5 Networks, Inc. 28

29 OCS & CRL Checks Hurt erformance OCS and CRL checks add significant overhead: DNS (1334ms) C handshake (240ms) SSL handshake (376ms) Follow certificate chain (1011ms) DNS to CA (300ms) C to CA (407ms) OCS to CA #1 (598ms) C to CA #2 (317ms) OCS to CA #2 (444ms) Finish SSL handshake (1270ms) <OAL: 6.3 Seconds> his portion is revocation check overhead. Add up the time for each step and you'll see that over 30% of the SSL overhead comes from checking whether the certificate has been revoked. hese checks are serial and block downloads. F5 Networks, Inc. 29

30 OCS Stapling to the Rescue OCS Stapling allows the server to attach CA signed information regarding the certificates validity. rocessing with OCS enabled: DNS (1334ms) C handshake (240ms) SSL handshake (376ms) Follow certificate chain (1011ms) rocess OCS Data (10ms) Finish SSL handshake (1270ms) <OAL: 4.2 Seconds> OCS Stapling also eliminates communication with a third party during certificate validation. his may be considered better security since it prevents information leakage. F5 Networks, Inc. 30

31 OCS Stapling Configuration rofile Location Assignment to Client SSL rofile F5 Networks, Inc. 31

32 OCS Stapling Configuration Changes to roxy ool when Use roxy Server is enabled F5 Networks, Inc. 32

33 SSL Everywhere RA Bringing it all ogether SSL termination and inspection from BIG-I Local raffic Manager (LM) Hybrid cipher support for ECC and RSA ciphers SSL crypto-offload for additional SSL capacity Integration with network HSMs from SafeNet and hales for key management F5 Networks, Inc. 33

34 SSL Everywhere F5 Networks, Inc. 34

35