SSL Attacks – When Hackers Use Security Against You
In World War II, the Allies had a significant advantage because they were able to compromise the encryption protocols that the Japanese and Germans used to send sensitive messages. They were able to intercept and decode messages to gain intelligence concerning sensitive military operations.
In today’s Internet Age, malicious hackers are using standard encryption standards that businesses implement to secure their communications. They are sending attacks inside the security protocols that are designed to protect the application.
Secrecy is a two-way street
Organizations use secure sockets layer (SSL) and transport layer security (TLS) to encrypt their internet communications. The encryption protocols are utilized to ensure privacy and ensure data integrity. Unfortunately, the encryption protocols secure all application data, whether it is legitimate or malicious.
Hackers are using the SSL/TLS protocols as a tool to obfuscate their attack payloads. A security device may be able to identify a cross-site scripting or SQL injection attack in plaintext, but if the same attack is encrypted using SSL/TLS, the attack will go through unless it has been decrypted first for inspection.
Hackers have also been able to find vulnerabilities within the SSL/TLS protocol itself. As an internet protocol, SSL/TLS is vulnerable to bugs and exploits. Hackers have taken advantage of renegotiation flaws, the POODLE vulnerability, and Heartbleed to name a few.
Defending against your own security tool
Organizations are in a quandary, having to use SSL/TLS technologies to protect their applications, but also needing tools to protect against the same protocols because the hackers are using them against the business.
Perimeter security defenses need to process SSL/TLS traffic and determine whether the connections are legitimate or part of a DDoS or application attack. Ideally, the system can manage the SSL/TLS traffic at a performance level that does not impact the network and application availability.
Because of the heavy resource requirements to manage encrypted SSL/TLS connections, the security solution must have a methodology to process and triage the connections. When necessary, the solution can offload the SSL/TLS connection to a high-performance encryption system that can perform a proper challenge/response to validate the SSL/TLS connection.
In addition, this encryption system can inspect and validate the content when necessary. The SSL inspection solution must be out-of-band to ensure that it does not become a bottleneck when the number of SSL connections increase.
DefenseSSL for inbound protection
Inbound SSL inspection and mitigation solutions are an important and essential part of the perimeter DDoS mitigation and application security solutions. Over 50% of the traffic on the internet is encrypted today and the number is increasing.
Any proper perimeter network security solution providing DDoS mitigation and application security services needs to incorporate a robust and scalable SSL inspection solution. Scalability and resiliency is critical in the perimeter defense solution. Businesses have an obligation to protect against the threats to their networks and applications, even if the threats were installed by them.