SSL/TLS Trends, Practices, and
Futures
Brian A. McHenry, Security Solutions Architect
bam@f5.com
@bamchenry
© F5 Networks, Inc. 2
1. Global SSL Encryption Trends and Drivers
2. A Few “Best” Practices
3. Solutions
4. What’s Next?
A...
© F5 Networks, Inc. 3
• Worldwide spending on information security will reach $71.1 billion in 2014
• Data loss prevention...
© F5 Networks, Inc. 4
IoEE-Commerce Privacy Mobility
S
n
o
w
d
e
n
Trajectory and Growth of Encryption
Customer Trends:
• ...
© F5 Networks, Inc. 5
Timeline of SSL Vulnerabilities & Attacks
February
2010
September
2011
February
2013
March
2013
Marc...
© F5 Networks, Inc. 6
And the Hits Just Keep on Coming…
© F5 Networks, Inc. 7
SSL	
  Intelligence	
  and	
  
Visibility	
  (Full	
  Proxy)
Enterprise	
  key	
  &	
  Certificate	
...
© F5 Networks, Inc. 8
Data Protection:Microsoft and Google Expands Encryption
© F5 Networks, Inc. 9
Not all curves are considered equal
Different Authorities:
• US NIST (US National Institute of Stand...
© F5 Networks, Inc. 10
Not all curves are considered equal
Different Names:
• Secp256r1, Prime256v1, NIST P-256
• Secp384r...
Some SSL Best Practices
© F5 Networks, Inc. 12
• Google has begun adjusting page rank based on SSL implementations
• F5 customers have third-party...
© F5 Networks, Inc. 13
• Set the option for Secure Renegotiation to “Require”
• Disable SSLv2 and SSLv3 (DEFAULT in 11.5+)...
© F5 Networks, Inc. 14
HTTP Strict Transport Security iRule
when HTTP_RESPONSE {
HTTP::header insert Strict-Transport-Secu...
© F5 Networks, Inc. 15
• RFC 6797
• HSTS is enabled by the “Strict-Transport-Security” HTTP header
e.g.: Strict-Transport-...
© F5 Networks, Inc. 16
HTTP Strict Transport Security Configuration
HTTP Profile Screen
© F5 Networks, Inc. 17
© F5 Networks, Inc. 18
If I sound smart about crypto…
© F5 Networks, Inc. 19
SSL Feature Availability
Feature TMOS
TLS 1.2 10.2.3
ECC 11.4.0
PFS 11.4.0
SHA256 (SHA2) 10.2.3
SPD...
A Peek Under the Hood
© F5 Networks, Inc. 21
Network
Session
Application
Web	
  application
Physical
Client	
  /	
  Server
L4	
  Firewall:	
  Fu...
© F5 Networks, Inc. 22
Proxy Chain
HUD chains are a series of filters which implement the configuration.
The HUD chain is ...
© F5 Networks, Inc. 23
Proxy Chain
Each SSL filter handles connection to device on their side of the proxy.
Normally, the ...
© F5 Networks, Inc. 24
Data Center
Proxy Chain
Proxy SSL allows the client certificate to be presented to the server.
Inte...
© F5 Networks, Inc. 25
Proxy Chain
Forward SSL is used in Forward Proxy deployments.
“Just in time” certificate creation i...
What’s Next?
© F5 Networks, Inc. 27
A Quick Primer on Certificate Revocation
• If a SSL certificate is stolen or compromised, sites nee...
© F5 Networks, Inc. 28
• OCSP and CRL checks add significant overhead:
•DNS (1334ms)
•TCP handshake (240ms)
•SSL handshake...
© F5 Networks, Inc. 29
• OCSP Stapling allows the server to attach CA
signed information regarding the certificates
validi...
© F5 Networks, Inc. 30
OCSP Stapling Configuration
Changes to ‘Proxy Pool’ when ‘Use
Proxy Server’ is enabled
© F5 Networks, Inc. 31
OCSP Stapling Configuration
Profile Location Assignment to Client SSL Profile
© F5 Networks, Inc. 32
• SSL termination and inspection from
BIG-IP® Local Traffic Manager™
(LTM)
• Hybrid cipher support f...
© F5 Networks, Inc. 33
SSL Everywhere
F5 TLS & SSL Practices
Prochain SlideShare
Chargement dans…5
×

F5 TLS & SSL Practices

10 603 vues

Publié le

Best practices and trends around SSL and TLS encryption.

Publié dans : Technologie
0 commentaire
13 j’aime
Statistiques
Remarques
  • Soyez le premier à commenter

Aucun téléchargement
Vues
Nombre de vues
10 603
Sur SlideShare
0
Issues des intégrations
0
Intégrations
454
Actions
Partages
0
Téléchargements
674
Commentaires
0
J’aime
13
Intégrations 0
Aucune incorporation

Aucune remarque pour cette diapositive

F5 TLS & SSL Practices

  1. 1. SSL/TLS Trends, Practices, and Futures Brian A. McHenry, Security Solutions Architect bam@f5.com @bamchenry
  2. 2. © F5 Networks, Inc. 2 1. Global SSL Encryption Trends and Drivers 2. A Few “Best” Practices 3. Solutions 4. What’s Next? Agenda
  3. 3. © F5 Networks, Inc. 3 • Worldwide spending on information security will reach $71.1 billion in 2014 • Data loss prevention segment recording the fastest growth at 18.9 percent, • By 2015, roughly 10% of overall IT security enterprise product capabilities will be delivered in the cloud • Regulatory pressure will increase in Western Europe and Asia/Pacific from 2014 Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014
  4. 4. © F5 Networks, Inc. 4 IoEE-Commerce Privacy Mobility S n o w d e n Trajectory and Growth of Encryption Customer Trends: • PFS/ECC Demanded • SSL Labs Application Scoring Emerging Standards: • TLS 1.3, HTTP 2.0/SPDY • RSA -> ECC Thought Leaders and Influence: • Google: SHA2, SPDY, Search Ranking by Encryption • Microsoft: PFS Mandated MARKET AMPLIFIERS SSL growing ~30% annually. Entering the Fifth wave of transition (IoE) 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 1998 2002 2006 2010 2014 Source: Netcraft MillionsofCertificates(CA) Years
  5. 5. © F5 Networks, Inc. 5 Timeline of SSL Vulnerabilities & Attacks February 2010 September 2011 February 2013 March 2013 March 2013 … April 2014 RC4 Attacks Weakness in CBC cipher making plaintext guessing possible BEAST & CRIME Client-sideor MITB attacks leveraging a chosen-plaintext flaw in TLS 1.0 and TLS compression flaws RFC 5746 TLS extension for secure renegotiation quickly mainstreamed Lucky 13 Another timing attack. August 2009 August 2009 Insecure renegotiation vulnerability exposes all SSL stacks to DoS attack TIME A refinement and variation of CRIME Heartbleed The end of the Internet as we know it!
  6. 6. © F5 Networks, Inc. 6 And the Hits Just Keep on Coming…
  7. 7. © F5 Networks, Inc. 7 SSL  Intelligence  and   Visibility  (Full  Proxy) Enterprise  key  &  Certificate   Management   Advance  HSM  Support: • Highest  Performing   HSM   options • Virtualized   low-­‐bandwidth   options • Market  Leading  HSM   Vendor   Support   Market  Leading  Encryption:   • Optimized   SSL  in  Hardware   and  Software • Cipher  Diversity  (RSA,  ECC,   DSA) • SSL  Visibility:   Proxy  SSL  &   Forward  Proxy • SSL  Traffic  Intelligence: • HSTS,  HTTP  2.0/SPDY,   OCSP  Stapling,   TLS     Server  Session  Ticket Fully  Automated   Key  and   Certificate  Management:     • For  all  BIG-­‐IP  platforms • For  all  vendor   platforms • 3rd Party  Integration  for  best-­‐ in-­‐class  key  encryption:   Venafi,   Symantec/  VeriSign • PKI  Supported   Environments The Three Pillars of SSL Everywhere Hardware  Security  Modules  
  8. 8. © F5 Networks, Inc. 8 Data Protection:Microsoft and Google Expands Encryption
  9. 9. © F5 Networks, Inc. 9 Not all curves are considered equal Different Authorities: • US NIST (US National Institute of Standards) with 186-2 (recently superseded in 2009 by the new186-3) • US ANSI (American National Standard Institute) with X9.62 • US NSA (National Security Agency) Suite-B Cryptography for TOP SECRET information exchange • International SACG (Standards for efficient cryptography group) with Recommended Elliptic Curve Domain Parameters • German ECC Brainpool withECC Brainpool with their Strict Security Requirements • ECC Interoperability Forum composed by Certicom, Microsoft, Redhat, Sun, NSA If You Thought Encryption was confusing… ECC, PFS and Curves
  10. 10. © F5 Networks, Inc. 10 Not all curves are considered equal Different Names: • Secp256r1, Prime256v1, NIST P-256 • Secp384r1, NIST-P384 Different Kinds of Curves: • ECC over Prime Field (Elliptic Curve) • ECC over Binary Field (Koblitz Curve) Other Curves: • Curve25519 (Google) • Mumford (Microsoft) • Brainpool • DUAL_EC_RBNG If You Thought Encryption was confusing… ECC, PFS and Curves
  11. 11. Some SSL Best Practices
  12. 12. © F5 Networks, Inc. 12 • Google has begun adjusting page rank based on SSL implementations • F5 customers have third-party/B2B requirements for strong encryption • SSL Labs’ Pulse tool has made testing easy • Users and businesses are choosing services based on Pulse grades SSL: Not Just for Security
  13. 13. © F5 Networks, Inc. 13 • Set the option for Secure Renegotiation to “Require” • Disable SSLv2 and SSLv3 (DEFAULT in 11.5+) • Use an explicit, strong cipher string, such as: • !SSLv2:!EXPORT:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:DHE+AES- GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:-MD5:-SSLv3:-RC4 • Prefer Perfect Forward Secrecy (PFS) • Done via prioritizing Ephemeral (DHE, ECDHE) ciphers in the string above • Enable TLS_FALLBACK_SCSV extension • Enable HTTP Strict Transport Security (HSTS) • iRule prior to TMOS version 12.0 • Integrated into HTTP profile in next release Achieving A+ Grades on SSLLabs.com
  14. 14. © F5 Networks, Inc. 14 HTTP Strict Transport Security iRule when HTTP_RESPONSE { HTTP::header insert Strict-Transport-Security "max- age=[expr {$static::expires - [clock seconds]}]; includeSubDomains” }
  15. 15. © F5 Networks, Inc. 15 • RFC 6797 • HSTS is enabled by the “Strict-Transport-Security” HTTP header e.g.: Strict-Transport-Security: max-age=10886400; includeSubDomains; preload • When received, browsers will: • Automatically convert HTTP references to HTTPS references • Disallow certificate exemptions (self-signed, etc.) • Cache HSTS information and reuse stored values for new sessions New Feature: HTTP Strict Transport Security AVAILABLE IN 12.0
  16. 16. © F5 Networks, Inc. 16 HTTP Strict Transport Security Configuration HTTP Profile Screen
  17. 17. © F5 Networks, Inc. 17
  18. 18. © F5 Networks, Inc. 18 If I sound smart about crypto…
  19. 19. © F5 Networks, Inc. 19 SSL Feature Availability Feature TMOS TLS 1.2 10.2.3 ECC 11.4.0 PFS 11.4.0 SHA256 (SHA2) 10.2.3 SPDY 11.2.0 HTTP 2.0* 11.6.0 HSTS iRules/12.0 Feature TMOS Secure Renegotiation (RFC 5746) 10.2.3 TLS_FALLBACK_SCSV 11.5.0 Network HSM 11.2.1 Onboard HSM Y SNI 11.1.0 Hybrid Certificates (ECC & RSA)* 11.5.0
  20. 20. A Peek Under the Hood
  21. 21. © F5 Networks, Inc. 21 Network Session Application Web  application Physical Client  /  Server L4  Firewall:  Full  stateful  policy  enforcement  and  TCP  DDoS  mitigation SSL  inspection   and  SSL  DDoS  mitigation HTTP  proxy,  HTTP  DDoS  and  application  security Application   health  monitoring  and  performance  anomaly  detection Network Session Application Web  application Physical Client  /  Server Full Proxy Security Proxy  SSL  (Visibility) ASM SSL  Forward  Proxy   (Visibility) SWG
  22. 22. © F5 Networks, Inc. 22 Proxy Chain HUD chains are a series of filters which implement the configuration. The HUD chain is divided into two halves, client and server side. Filters on HUD chains usually are arranged as client/server pairs. The two halves are joined by the “proxy”. Data Center BIG-IP Platform Clients T C P S S L H T T P P R O X Y H T T P S S L T C P • App “point of delivery & definition” • App Intelligence - layer 3- 7 visibility • Distinct client / server control • Unified services / context • Interoperability and gateway functions Intelligent Full Proxy Benefits BIG-IP Architecture – Proxy Chain
  23. 23. © F5 Networks, Inc. 23 Proxy Chain Each SSL filter handles connection to device on their side of the proxy. Normally, the two SSL filters operate completely independently. Between the two filters, all data is available unencrypted. To fully offload the backend server, remove the server side SSL filter. Data Center BIG-IP Platform Clients T C P S S L H T T P P R O X Y H T T P S S L T C P • App “point of delivery & definition” • App Intelligence - layer 3- 7 visibility • Distinct client / server control • Unified services / context • Interoperability and gateway functions Intelligent Full Proxy Benefits BIG-IP Architecture – SSL Termination
  24. 24. © F5 Networks, Inc. 24 Data Center Proxy Chain Proxy SSL allows the client certificate to be presented to the server. Intermediary filters are disabled. SSL filters operate in monitor mode during the handshake. Post-handshake, SSL enables decryption and other filters. BIG-IP Platform Clients T C P S S L H T T P P R O X Y H T T P S S L T C P • Allows server to perform client cert auth • L7 content inspection after handshake • Certificate transparent to end user Intelligent Full Proxy Benefits BIG-IP Architecture – Proxy SSL
  25. 25. © F5 Networks, Inc. 25 Proxy Chain Forward SSL is used in Forward Proxy deployments. “Just in time” certificate creation is used to decrypt SSL connections. Enables policy based inspection of secure content. Requires the ability to create trusted certificates to work. Data Center BIG-IP Platform Clients T C P S S L H T T P P R O X Y H T T P S S L T C P • Inspect secure traffic at network edge • Transparent to the end user • Policy based bypass by: • Source IP Address • Destination IP Address • Host Name (SAN,CN,SNI) Forward SSL Proxy Benefits BIG-IP Architecture – Forward SSL
  26. 26. What’s Next?
  27. 27. © F5 Networks, Inc. 27 A Quick Primer on Certificate Revocation • If a SSL certificate is stolen or compromised, sites need a way to revoke the certificate so it will no longer be trusted. Revocation is handled by either CRL or OCSP. • CRL: Certificate Revocation List • The browser retrieves the list of all revoked certificates from the CA. • The browser then parses the whole list looking for the certificate in question. • OCSP: Online Certificate Status Protocol • The browser sends the certificate to the CA for validation. • The CA responds that the certificate is good, revoked, or unknown. • OCSP is more efficient than CRL, but there’s room for improvement! New Feature: OCSP Stapling AVAILABLE IN 11.6
  28. 28. © F5 Networks, Inc. 28 • OCSP and CRL checks add significant overhead: •DNS (1334ms) •TCP handshake (240ms) •SSL handshake (376ms) •Follow certificate chain (1011ms) •DNS to CA (300ms) •TCP to CA (407ms) •OCSP to CA #1 (598ms) •TCP to CA #2 (317ms) •OCSP to CA #2 (444ms) •Finish SSL handshake (1270ms) < T O TA L : 6 . 3 S e c o n d s > • Add up the time for each step and you'll see that over 30% of the SSL overhead comes from checking whether the certificate has been revoked. • These checks are serial and block downloads. OCSP & CRL Checks Hurt Performance This portion is revocation check overhead.
  29. 29. © F5 Networks, Inc. 29 • OCSP Stapling allows the server to attach CA signed information regarding the certificates validity. • Processing with OCSP enabled: •DNS (1334ms) •TCP handshake (240ms) •SSL handshake (376ms) •Follow certificate chain (1011ms) •Process OCSP Data (10ms) •Finish SSL handshake (1270ms) < T O TA L : 4 . 2 S e c o n d s > O C S P S t a p l i n g a l s o e l i m i n a t e s c o m m u n i c a t i o n w i t h a t h i r d p a r t y d u r i n g c e r t i f i c a t e v a l i d a t i o n . T h i s m a y b e c o n s i d e r e d b e t t e r s e c u r i t y s i n c e i t p r e v e n t s i n f o r m a t i o n l e a k a g e . OCSP Stapling to the Rescue
  30. 30. © F5 Networks, Inc. 30 OCSP Stapling Configuration Changes to ‘Proxy Pool’ when ‘Use Proxy Server’ is enabled
  31. 31. © F5 Networks, Inc. 31 OCSP Stapling Configuration Profile Location Assignment to Client SSL Profile
  32. 32. © F5 Networks, Inc. 32 • SSL termination and inspection from BIG-IP® Local Traffic Manager™ (LTM) • Hybrid cipher support for ECC and RSA ciphers • SSL crypto-offload for additional SSL capacity • Integration with network HSMs from SafeNet and Thales for key management SSL Everywhere RA – Bringing it all Together
  33. 33. © F5 Networks, Inc. 33 SSL Everywhere

×