Top 5 SSL Attack VectorsWhite Paper

Top 5 SSL Attack Vectors

Top 5 SSL Attack Vectors

CONTENTS • SSL Vulnerabilities: The Web’s Weakest Link? ...........................................................................................................2

• SSL Attack Vector #1: Heartbleed ..............................................................................................................................4

• SSL Attack Vector #2: POODLE ..................................................................................................................................4

• SSL Attack Vector #3: FREAK .....................................................................................................................................4

• SSL Attack Vector #4: Shellshock Bash Bug ..............................................................................................................5

• SSL Attack Vector #5: Bar Mitzvah Attack .................................................................................................................5

• SSL and Cryptography Best Practices .......................................................................................................................5

• The Importance of Your Certificate Authority .............................................................................................................6

A TECHTARGET WHITE PAPER

Brought to you compliments of Cryptography forms the basis of trust on the internet. Without it, secure online shopping transactions wouldn’t be possible, private messages couldn’t be sent and sensitive corporate communications couldn’t safely transfer across websites and networks.

The exchange of sensitive information on websites, intranets and extranets depends on SSL/TLS encryption to keep data in transit private and secure. What we refer to as SSL is actually a protocol that is now called TLS, but industry shorthand still refers to this encryption mechanism either as SSL or sometimes as SSL/TLS, so to keep it simple we will use SSL in this document. When well-administered and utilizing the most up-to-date cryptographic components, SSL is extremely effective; however, it does require organizations pay attention to the details. When security researchers discover vulnerabilities in various parts of the SSL chain of trust, organizations must be prepared to work with their certificate authorities (CAs) and their internal IT operations group to address them swiftly.

SSL Vulnerabilities: The Web’s Weakest Link? The effectiveness of SSL in action requires addressing a number of factors in order to ensure solid management of the entire encryption ecosystem that handles SSL-protected data transfers.

At its heart, an SSL certificate consists of a key pair, as well as verified identification information. The pair consists of a private key that is held by the company using the certificate to encrypt its web content and a corresponding public key that is shared with those browsing that content.

When a web browser points to a secured website, the server shares the public key with the browser to establish an encryption method and a unique session key, which is used to encrypt and decrypt the data itself. Also included in the transaction is a digital signature. This signature is created by taking the data being sent and using a hashing algorithm to create an encoded representation of that data, which is itself then encrypted by the certificate’s private key. When the data arrives at the browser, it uses the public key to unencrypt the hash value to verify the data being sent hasn’t been tampered with and comes from the certificate owner. The browser confirms that it recognizes and trusts the issuer of the SSL certificate. This process is known as the “SSL handshake.” It begins a secure session that uses the unique session key to protect message privacy, message integrity, and server security. In order to ensure that the encryption and handshake process can’t be gamed, the website using the certificate and the CA must work together to ensure the following best practices are followed:

Key length: Encryption algorithms must continually be updated to account for new capabilities in cracking old cryptography. Key length is a crucial variable in this upgrade process. As things stand, SSL certificate keys need to be at least 2048-bit RSA or 256-bit ECC to avoid being easily attacked and unencrypted by unauthorized parties.

Strong hash algorithm: Similarly, hash algorithms also go obsolete. Today the only secure standard used for SSL certificates is SHA-2.

3

Root certificate security: CAs base all of the certificate key pairs they issue to customers off of a root certificate held internally at that CA. The value of that certificate must be heavily guarded by the CA, as the trustworthiness of all derivative certificates depend on the integrity of that root certificate.

Security of systems storing and using private SSL keys: The businesses to which CAs issue certificates must guard their private SSL keys religiously. These keys are the basis of trust for an organization’s entire web infrastructure and if they are compromised attackers can easily spoof websites and act as impostors to unsuspecting web users.

Choosing the right CA and certificate product will help with the first three items, but the last one is the gotcha for businesses and other organizations depending on SSL. In addition to ensuring safe storage of the private keys, organizations also must be able to quickly patch the web server and application infrastructure that uses SSL for encryption. Vulnerabilities in libraries and in how systems handle old versions of SSL could put that infrastructure at risk. When organizations fail to update SSL and related encryption systems or fail to scan systems for malware, they can end up with a false sense of security from SSL, which is only effective when fully patched and well-configured.

When SSL-protected systems are not fully updated, organizations risk exposing some of their most sensitive data, including personally identifiable information and any other sensitive data transmitted between the server and the web browser.

SSL vulnerabilities exist in a lot of places, but there are four in particular that have plagued IT operations staff like none other in the last two years:

• Heartbleed • POODLE• FREAK• BASH Bug• Bar Mitzvah Attack

Let’s talk about how these vulnerabilities impacted IT and the lessons we can learn from these potential attack vectors.

4

SSL Attack Vector #1: HeartbleedOne of the most impactful SSL bugs discovered to date, Heartbleed is a critical vulnerability in OpenSSL, a widely used cryptographic software library. This bug makes it possible for attackers to see the contents of the server memory, including data that may hold certificate private keys and authentication information such as cookies and passwords, allowing the attacker to impersonate as the rightful user.

| Heartbleed Fallout | When it was first discovered, Heartbleed affected 17 percent of SSL secured websites, impacting more than 600,000 web servers.1

The Heartbleed vulnerability caused the exposure of 4.5 million patient records at Ohio-based Community Health Systems.2

SSL Attack Vector #2: POODLEAs we mentioned before, what people refer to as SSL today is actually TLS, with the most recent version of TLS being TLS 1.2. POODLE (Padding Oracle On Downgraded Legacy Encryption) made it possible for attackers to take advantage of people supporting old versions of SSL 3.0 in tandem with TLS 1.2 to downgrade all connections to the less secure version and decrypt secure cookies sent over an SSL connection.

This vulnerability has no patch for many systems—the only solution is to stop using SSL 3.0 in favor of the more modern TLS 1.2.

| POODLE Fallout | Even five months after POODLE was first made public, 50% of the internet had not disabled SSL 3.0 on its sites, leaving 10 million sites vulnerable.3

SSL Attack Vector #3: FREAKFREAK allows attackers to perform a classic man in the middle attack, getting between a client and server to snoop on private communications. It came as the result of a flaw in OpenSSL client software and was easily exploitable on poorly configured web servers.

1 “More Than a Half-Million Servers Exposed To Heartbleed Flaw,” InformationWeek, April 9, 2014

2 “Heartbleed to Blame for Community Health Systems Breach,” CSO Online, August 19, 2014

3 “Was SSL3 Killed by a POODLE? Survey Says… Maybe!” SecurityWeek, Feburary 10, 2015

5

| FREAK Fallout | FREAK impacted hundreds of millions of iPhone, iPad and Android users.4

FREAK also affected all versions of Microsoft Windows.5

SSL Attack Vector #4: Shellshock Bash BugShellshock was the catchy name researchers made for a bug in Bash, a shell used in Unix operating systems, including the Linux OSes popular on most web servers today. The vulnerability gave attackers an opening to potentially plant malware on web servers that could be served up to unsuspecting site visitors.

| Shellshock Fallout | 70% of web servers run on Linux and were potentially at risk.6

Though it wasn’t directly related to SSL per se, Shellshock highlights how sites protected by SSL can still put visitors at risk without effective security hygiene on the server environment.

SSL Attack Vector #5: Bar Mitzvah AttackSecurity researchers have now shown that a 13-year-old weakness in the RC4 encryption algorithm supported by many browsers and servers makes it possible for attackers to sniff credentials and other information during an SSL session.

| Bar Mitzvah Fallout |30% of TLS sessions still use RC4, which has been obsolete for over a decade, with AES encryption currently in favor.7

SSL and Cryptography Best PracticesIn all of these cases, a joint effort between the organization and its CA can ensure minimal risk to the organization. Organizations should seek out CAs that will respond quickly to re-key affected certificates when new attack vectors and vulnerabilities present themselves.

Similarly, an effective CA should also offer free vulnerability assessments and malware scans to help organizations to whom they issue certificates to understand where SSL risks lie. On the other side of

4 “What Is Freak? Security Bug Affects Hundreds of Milllions of iPhone, iPad and Android Users,” International Business Times, March 4, 2015

5 “Freak Vulnerability Affects All Windows Versions: Microsoft,” SecurityWeek, March 6, 2015

6 “What Can You Do About the ‘Bash’ Bug? Not Much,” CNBC, September 26, 2014

7 “SSL/TLS Suffers ‘Bar Mitzvah Attack,’” InformationWeek, March 26, 2015

6

the fence, the certificate-using organization itself needs to be prepared to patch systems in a timely fashion and depend on the most up-to-date TLS versions in order to ensure their SSL ecosystem depends on the most secure components.

Additionally, other security measures should be considered. For example, a well-placed web application firewall (WAF) can help block attacks against vulnerable systems until they can be reengineered to fully update them.

The Importance of Your Certificate AuthorityWork with a trusted CA that can handle any storm. While there are many new CAs on the market now that have sold their certificates based solely on price point, cost should only be one component in the evaluation process. An established CA with a solid reputation is more likely to address emergencies like Heartbleed, POODLE, FREAK, and BASH bug in a timely fashion. Low-cost CAs may not be nearly as responsive.

As the first CA in existence, Symantec has the legacy and the resources to support its certificate customers in good times and bad. As a company, Symantec’s internal security over root certificates and certificate infrastructure is unimpeachable. Since 2004, our trust services division has ensured a remarkable 100% uptime.

Symantec offers a free SSL tool to check the security configuration and vulnerability status of individual certificates: https://cryptoreport.websecurity.symantec.com/checker. Symantec also supports clients with up-to-date vulnerability and malware scanning.

7

More Information

Visit our websitehttps://www.symantec.com/ssl-certificates

To speak with a Product SpecialistNorth America: +1(866) 893-6565 or +1(520) 477-3135; SSL_EnterpriseSales_NA@symantec.comU.K.and Ireland: +0800 032 2101; sslsales-uk@symantec.comRest of EMEA: +353 1 793 9053 or +41 (0) 26 429 7929; sslsales-ch@symantec.comAsia Pacific: +61 3 9674 5500; ssl_sales_APAC@symantec.com

To speak with a Product Specialist outside the U.S.To speak with additional product specialists around the world, visit our website for specific offices and contact numbers.

About SymantecSymantec protects the world’s information and is the global leader in security, backup, and availability solutions.Our innovative products and services protect people and information in any environment – from the smallest mobile device to the enterprise data center to cloud-based systems.Our industry leading expertise in protecting data, identities, and interactions gives our customers confidence in a connected world.More information is available at www.symantec.com or by connecting with Symantec at: go.symantec.com/socialmedia.

Symantec World Headquarters350 Ellis StreetMountain View, CA 94043 USA1-866-893-6565www.symantec.com

Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the checkmark Circle Logo and the Norton Secured Logo are trademarks or registered trademarksof Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.