T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K

Transcription

1 1 T H R EAT S A R E H I D I N G I N E N C RY P T E D T R A F F I C O N YO U R N E T W O R K Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi

2 T H R E A T S A R E H I D I N G I N E N2 W H AT YO U W I L L L E A R N Why encryption and digital certificates are helping our adversaries How to architect for today and tomorrow s SSL/TLS threatscape What you need to successfully run your operations What s your 45 day action plan 2

3 S S L / T L S T H R E AT S U P D AT E 3

4 T H R E A T S A R E H I D I N G I N E N4 P R O B L E M : Σ Κ Ό Τ Ο Σ = S C O T O M A = B L I N D S P O T

5 T H R E A T S A R E H I D I N G I N E N % A N D C L I M B I N G Of enterprise network traffic is encrypted with SSL/TLS today 5

6 T H R E A T S A R E H I D I N G I N E N6 5 0 % O F N E T W O R K AT TA C K S W I L L U S E S S L / T L S B Y % N E T W O R K AT TA C K S W I L L U S E S S L / T L S B Y % of 6

7 T H R E A T S A R E H I D I N G I N E N7 E N T U N N E L S M E A N S E C U R I T Y S Y S T E M S C A N T S E E W H AT S C O M I N G 7

8 T H R E A T S A R E H I D I N G I N E N8 T R A D I T I O N A L S E C U R I T Y S Y S T E M S C A N T K E E P U P W I T H P E R F O R M A N C E N E E D E D T O D E C R Y P T A N D I N S P E C T S S L / T L S N E T W O R K 8

9 9 D I F F E R E N C E S I N E N T E R P R I S E E N C R Y P T I O N S T R AT E G I E S B Y C O U N T R Y S o u r c e : P o n e m o n I n s t i t u t e G l o b a l 9 E n c r y p t i o n T r e n d s S t u d y

10 M A LWA R E A N D O U T B O U N D S S L 10

11 T H R E A T S A R E H I D I N G I N E N11 S S L / T L S : H I D D E N D A N G E R S Bad Actors are using encryption to: Hiding Malicious Actions and Messages Hiding the Initial Infection Hiding the Command and Control Channel Hiding Data Exfiltration 2987 blacklisted SSL certificates: Most (recently) are Dyre C&C, KINS C&C, Vawtrak MITM, Shylock C&C, URLzone C&C, TorrentLocker C&C, CryptoWall C&C, Upatre C&C, Spambot C&C, Retefe C&C, ZeuS MITM, etc. * TCP Ports used by Dyre Trojan for Hidden Command & Control - Blue Coat Labs 11

12 NGFW IDS / IPS Host AV Traditional Web Gateway SIEM Gateway DLP Web Application Firewall T H R E A T S A R E H I D I N G I N E N12 B A D G U Y S A R E E VA D I N G D E F E N S E S Traditional Enterprise Defenses Threat Actors Traditional Threats Advanced Threats Nation States Known Threats, Novel Malware Cybercrime Known Malware, Zero-Day Hactivists Known Files Threats Insider-Threats Known IPs/URLs Targeted Attacks Modern HTTPs

13 T H R E A T S A R E H I D I N G I N E N13 S S L / T L S : H I D D E N D A N G E R S Users: Are they SSL Aware? 13

14 T H R E A T S A R E H I D I N G I N E N14 N E X T B I G H A C K E R M A R K E T P L A C E W I L L B E I N S T O L E N C E R T I F I C AT E S 14

15 T H R E A T S A R E H I D I N G I N E N15 W H AT D O Y O U T H I N K T H I N G S L O O K L I K E? Secure Communications

16 T H R E A T S A R E H I D I N G I N E N16 SSL & SSH Keys & Certificates T H I S I S W H AT I T R E A L LY L O O K S L I K E SSL Keys & Certificates Secure Communications Server Authentication Client-side Server Authentication Secure Communications Server Authentication Client-side Authentication

17 T H R E A T S A R E H I D I N G I N E N17 M O R E K E Y S, M O R E C E R T I F I C A T E S, M O R E E N C R Y P T I O N

18 18 A R C H I T E C T I N G F O R S S L / T L S T H R E AT S

19 T H R E A T S A R E H I D I N G I N E N19 Today Ready for Threats A R C H I T E C T U R E G A P A N A LY S I S Role of Decryption Non-Existent/Tactical Strategic Inspection Points Few Performance Struggling Wirespeed Outbound Decryption: Internal trusted root CA Inbound Decryption: all keys & certs available Inbound Decryption: keys & certs securely distributed Few , flash drive, file server All available Encryption distribution w/o people 19

20 T H R E A T S A R E H I D I N G I N E N20 B A L A N C I N G C O M P L I A N C E A N D D ATA P R I VA C Y DATA PRIVACY CONCERNS RISK OF ADVANCED THREATS LEAD TO REQUIREMENTS 1) Manage what type of information is decrypted 2) Assure custody and integrity of encrypted data 20

21 T H R E A T S A R E H I D I N G I N E N21 I N B O U N D A N D O U T B O U N D T R A F F I C Inbound SSL Decryption Web & Servers, Customer Web Portals Outbound SSL Decryption Encrypted , Social Networks, CRM, etc. IPS & IDS AV DLP APM SIM & SIEM Forensics Security Solution IPS & IDS AV DLP APM SIM & SIEM Forensics Security Solution Internet Internet Web, & Portal Servers Clients

22 T H R E A T S A R E H I D I N G I N E N22 P K I A R C H I T E C T U R E F O R I N S P E C T I O N Inbound Outbound Enterprise Root STATIC SSL Decryption Intermediate STATIC www app.. v125.. GENERATED ON THE FLY google.com outlook.com dropbox.com

23 T H R E A T S A R E H I D I N G I N E N23 A R C H I T E C T U R E F O R V I S I B I L I T Y CLIENT INTERNET SERVER GLOBAL INTELLIGENCE NETWORK GATEWAY / FIREWALL SECURITY ANALYTICS CORPORATE SERVERS ❷ SSL VISIBILITY APPLIANCE ❸ ❶ ❹ SANDBOX CLIENT NG IPS Encrypted traffic Decrypted traffic 23

24 T H R E A T S A R E H I D I N G I N E N24 S S L B L I N D S P O T S I N A C T I O N : D ATA I N F I LT R AT I O N + E X F I LT R AT I O N U S I N G S S L Malware Infiltration and Data Exfiltration using Wireshark Compare pcaps from identical operations with and without SSL Inspection enabled in the network. Download from a file magnetic* from sourceforge.net (HTTP Download) Download a known file using HTTPS: Infiltration Upload sensitive data using HTTPS: Exfiltration 24

25 T H R E A T S A R E H I D I N G I N E N25 25

26 S S L B L I N D S P O T S : D ATA E X F I LT R AT I O N E X P E R I M E N T Symantec DLP Network Prevent Details: Base OS: MS Windows 2012 R2 DLP Network Prevent Software Version: 14 DLP Network Prevent configured to monitor HTTP and HTTPS ports. SSL Inspection Device: Hardware Mode:SV800 / Software Version Experiment: 1. Upload sensitive data using HTTP 2. SSL Inspection Disabled: Upload sensitive data using HTTPS 3. SSL Inspection Enabled: Upload sensitive data using HTTPS T H R E A T S A R E H I D I N G I N E N26 NOTE: SYMANTEC DOES NOT CLAIM THEY CAN INSPECT SSL TRAFFIC ON THEIR NETWORK DLP PRODUCTS 26

27 T H R E A T S A R E H I D I N G I N E N27 27

28 E C O N O M I C S O F S S L D E C R Y P T I O N Cost of No-Action =Infection=Intrusion=Breach=$ Direct Low performance -> higher cost to reach needed throughput Incomplete support for latest ciphers creates unseen blindspots Indirect Time and effort to identify, gather, distribute, and update keys & certificates T H R E A T S A R E H I D I N G I N E N28 28

29 O N G O I N G O P E R AT I O N S 29

30 T H R E A T S A R E H I D I N G I N E N30 M A I N TA I N I N G D E C R Y P T I O N Capture new keys and certificates (including those generated outside of IT security) Update renewed, rekey keys and certificates throughout SSL/TLS chain (e.g. firewall, load balancer, WAF, etc.)

31 31 W H AT U S E R B E N E F I T S D O E S T L S 1. 3 O F F E R Higher security than TLS 1.2 Only supports use of handshake mechanisms that provide Perfect Forward Secrecy RSA key exchange not supported Most existing ciphers are no longer supported Only support AEAD cipher suites AES-GCM, AES-CCM and CHACHA Most handshake messages are encrypted Higher speed Faster session establishment Fewer round trips before pass data Standard is 1 round trip time (RTT) compared with 2 in TLS 1.2 Option for 0 RTT with the ability for the client to send early data though with weaker security until the handshake completes Downgrade attack detection Allows client to detect if server did support 1.3 but used 1.2 because it was tricked into thinking the client doesn t support 1.3

32 33 M Y T H S A N D FA C T S A B O U T T L S 1. 3 It prevents MITM devices from being able to look at decrypted data More difficult but not impossible It will require new clients (browsers) Already implemented in browsers There is no possibility to do Passive decrypt for TLS 1.3 Must be a bump in the wire SSLV does not support TLS 1.3 We do already as you will see You cannot downgrade a session You can if you fully terminate TCP and TLS (i.e. full TLS proxy) It will be years before TLS 1.3 is implemented by major sites Once standard roll out will be fast for many large TLS sites on the Internet Google, Facebook, Cloudflare, CDNs all ready to roll Enterprise sites, particularly financial services are likely to take longer to adopt

33 4 5 D AY A C T I O N P L A N 34

34 T H R E A T S A R E H I D I N G I N E N35 YO U R 4 5 D AY A C T I O N P L A N Map your SSL footprint = Risk Exposure Decrypt once feed many v/s decryption in many places in network Performance impact of decryption on existing network/security devices Local regulations and compliance requirements Outbound: HR and Legal must be consulted to ensure user privacy is respected and preserved. Inbound: Obtaining keys/certificates, how will you keep them secure, how will you keep them updated 35

35 T H R E A T S A R E H I D I N G I N E N36 M A P Y O U R I N B O U N D S S L / T L S F O O T P R I N T Where and how many SSL/TLS enabled entities? What are all systems involved in SSL/TLS through DMZ? (e.g. firewall, load balancer, WAF, etc.) What are the security controls that need visibility in to encrypted traffic? How will you track keys and certificates? How frequently are they renewed and rekeyed? Who and how many are responsible for each key and certificate? How will you get them? How will you transfer keys and certificates? How will you update keys and certificates? 36

36 T H R E A T S A R E H I D I N G I N E N37 M A P Y O U R O U T B O U N D S S L / T L S F O O T P R I N T % of Total North-South Traffic is SSL/TLS encrypted SSL Versions seen on the networks SSL Versions have known vulnerabilities. SSL: Bad; TLS: Good BP: Do not allow known bad protocols Certificate Status Valid certificate v/s invalid certs Should not see any traffic with invalid certificate. BP: Do not allow not-valid cert traffic SSL/TLS traffic that isn t on port 443 Non-SSL traffic that is using port 443 Protocol versions in-use Ciphers used Strong v/s Weak cipher suites Logjam/Freak/Heartbleed BP: Do not allow connections with weak ciphers Top N SSL Sites by Request Users of SSL/TLS Traffic North-South communication 37

37 38 Manoj Sharma Technical Director Symantec Corp Mark Sanders Lead Security Architect Venafi THANK YOU