Symantec FREAK Vulnerability Infographic


Upload: symantec

Posted on 17-Jul-2015


TRANSCRIPT

Page 1: Symantec Freak Vulnerability Infographic

@threatintel | www.symantec.com

#FREAK

FREAK TARGETS WEAK CRYPTO: LATEST SSL VULNERABILITY ENABLES ATTACKS AGAINST SOME SECURE CONNECTIONS

CLIENT PRECAUTIONS

User: Use a non-vulnerable browser (Chrome, Firefox)

Admin: Disable support for weak cipher suites such as export grade encryption

REMEMBER TO UPGRADE SOFTWARE WHEN PATCHES BECOME AVAILABLE

SOME BROWSERS CAN BE FORCED TO USE WEAK EXPORT GRADE KEYS

MAN-IN-THE-MIDDLE ATTACK

FORCE DOWNGRADE ENCRYPTION FROM STRONG TO EXPORT GRADE (<= 512 BIT)

EXPORT GRADE ENCRYPTION <= 512 BIT KEYS

512 BIT TOO WEAK

7 HOURS IS ALL IT TAKES TO CRACK A 512 BIT ENCRYPTION KEY (using fewer than 100 typical PCs)

TIMELINE OF SSL/TLS INSECURITY

1990s – 512 bit export grade encryption key size was considered acceptable for public use but still allowed governments to decrypt communications if needed.

2000s (EARLY) – Relaxation of controls on non-military grade cryptography. 1024 bit keys widely used and considered safe.

2013 – Certificate Authority/Browser Forum increases the key size for Root CA certs. Baseline requirements jump from 1024 bits to 2048 bits. This should provide security headroom…for a while.

2014
• HEARTBLEED – SSL information leak vulnerability affecting many SSL implementations.
• POODLE – SSL encryption downgrade dance can allow attackers to force weaker encryption on SSL connections, which can then be cracked/hijacked.
• FREAK – Discovery of the FREAK vulnerability, affecting many server implementations and browsers, could allow for multiple attack scenarios.

SOME SERVERS STILL SUPPORT EXPORT GRADE CIPHER SUITES

SERVER

RAPIDLY INCREASING PROCESSING POWER MEANS WHAT WAS CONSIDERED SECURE IN THE 90s IS NO LONGER SECURE NOW

MOORE’S LAW

Sources:
https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States#Current_status
https://www.cabforum.org/wp-content/uploads/Baseline_Requirements_V1.pdf
http://www.symantec.com/connect/blogs/heartbleed-bug-poses-serious-threat-unpatched-servers
http://www.symantec.com/connect/blogs/poodle-vulnerability-old-version-ssl-represents-new-threat
