
The Shortcut Guide To


Protecting Against Web Application Threats Using SSL


Dan Sullivan


Introduction to Realtime Publishers
by Don Jones, Series Editor

For several years now, Realtime has produced dozens and dozens of high-quality books that just happen to be delivered in electronic format, at no cost to you, the reader. We've made this unique publishing model work through the generous support and cooperation of our sponsors, who agree to bear each book's production expenses for the benefit of our readers.

Although we've always offered our publications to you for free, don't think for a moment that quality is anything less than our top priority. My job is to make sure that our books are as good as, and in most cases better than, any printed book that would cost you $40 or more. Our electronic publishing model offers several advantages over printed books: You receive chapters literally as fast as our authors produce them (hence the "realtime" aspect of our model), and we can update chapters to reflect the latest changes in technology.

I want to point out that our books are by no means paid advertisements or white papers. We're an independent publishing company, and an important aspect of my job is to make sure that our authors are free to voice their expertise and opinions without reservation or restriction. We maintain complete editorial control of our publications, and I'm proud that we've produced so many quality books over the past years.

I want to extend an invitation to visit us at http://nexus.realtimepublishers.com, especially if you've received this publication from a friend or colleague. We have a wide variety of additional books on a range of topics, and you're sure to find something that's of interest to you, and it won't cost you a thing. We hope you'll continue to come to Realtime for your educational needs far into the future.

Until then, enjoy.

Don Jones


Introduction to Realtime Publishers

Chapter 1: Combined Risk of Data Loss and Loss of Customer Trust
    Evolving Security Landscape
        Professionalism of Cybercrime
            Division of Labor in Cybercrime
            Market Forces
            Diversification in the Cybercrime Markets
            Growth in Cybercrime
        Automation of Vulnerability Scanning
        Emergence of APTs
    Risk of Data Loss and Threats to Information Security
        Intercepting Communications
        Spoofing
        Directed Attacks: APTs and Insider Abuse
        Improperly Managed Access Controls
    Impact of the New Security Landscape on Customer Trust
        Well-Publicized Data Breaches and Attacks
        Well-Publicized Cybercriminal and Hacking Organizations
        Potential Impact to Building Trust Online with Customers
    How Businesses Can Respond to Information Loss
    Summary

Chapter 2: How SSL Certificates Can Protect Online Business and Maintain Customer Trust
    How SSL Certificates Work
        Components of an SSL Certificate
        Overview of How SSL Certificates Secure Communications
        Overview of How SSL Certificates Support Authentication
    Web Applications Without and With SSL Certificate Protection
        Scenario 1: Web Applications Without SSL Certificate Protection
        Scenario 2: With SSL Certificate Protection
    Authentication and Trust
        How Certifying Authorities Authenticate
        Developing Trust
    Summary

Chapter 3: Planning, Deploying, and Maintaining SSL Certificates to Protect Against Information Loss and Build Customer Trust
    Planning for the Use of SSL Certificates
        Process and Asset Inventory
            Company Web Site
            Online Catalog
            Customer Service Support Portal
            Customer Feedback Application
            Track Shipment Application
            Product Documentation
        Multi-Tier Applications
        Determining the Type of SSL Certificate Required
    Key Points About Choosing and Deploying SSL Certificates
    Summary



Copyright Statement
2012 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the "Materials") and this site and any such Materials are protected by international copyright and trademark laws. THE MATERIALS ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers or its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials. The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, non-commercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice. The Materials may contain trademarks, service marks and logos that are the property of third parties. You are not permitted to use these trademarks, service marks or logos without prior written consent of such third parties. Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners.
If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via email at info@realtimepublishers.com.



Chapter 1: Combined Risk of Data Loss and Loss of Customer Trust
Businesses face an increasingly complex set of threats to their Web applications, from malware and advanced persistent threats (APTs) to disgruntled employees and unintentional data leaks. Although there is no single security measure that can prevent all threats, there are some that provide broad-based mitigation of a number of threats. The use of SSL encryption and digital certificate-based authentication is one of them.

Changes in the way we deliver services, the increasing use of mobile devices, and the adoption of cloud computing, compounded by the ever-evolving means of stealing information and compromising services, leave Web applications vulnerable to attack. SSL encryption can protect server-to-server communications, client devices, cloud resources, and other endpoints in order to help reduce the risk of data loss. A later chapter provides a step-by-step guide to assessing your needs, determining where SSL encryption and digital certificate-based authentication may be helpful, planning for the rollout of SSL to Web applications, and establishing policies and procedures to manage the full lifecycle of SSL certificates. In this chapter, we turn our attention to the combined risk of losing data and losing customer trust.

Evolving Security Landscape
Business information, from customer identity information to trade secrets, is valuable to more than just the business that controls it. Attackers and cybercriminals can exploit weaknesses in IT systems, resulting in data loss and, in some cases, public disclosure as well. Moreover, information security attacks are not limited to one or two industries, governments, or even geographic locations. In addition to direct attacks on the interests of businesses, governments, and other organizations, there are cases of malicious attacks that are more like vandalism than theft. These may have lower direct costs but can still cause concern about the trustworthiness of online resources.

The evolution of the security landscape is creating what appears to be a global, continuous, and cross-industry threat. A number of factors are contributing to the advancement of cybersecurity threats:

- The professionalism of cybercrime
- The ability for others to automatically scan potential targets for vulnerabilities
- Emergence of APTs


A complex phenomenon like cybersecurity threats has many aspects involving multiple motivations, a wide array of technologies, and many opportunities. We will examine three, assuming that they are a representative sample of the various dimensions of the problem. They are not by any means a comprehensive list of elements that contribute to the evolving security environment we face.

Professionalism of Cybercrime
Cybercrime is a business, literally. If you were an outsider looking in on the operations of the underground market for stolen credit cards and bank credentials and you did not know the illegal origins of the products for sale, it might be hard to distinguish the operations from a legitimate business. Cybercrime has characteristics one would expect in other professions and businesses, including:

- Division of labor
- Market forces
- Diversification
- Growth

The fact that cybercrime has developed these characteristics associated with free markets speaks to the persistence, professionalism, and drive for efficiency in this arena.

Division of Labor in Cybercrime

There is a full vertical industry dedicated to credit card and bank credential fraud that includes, according to the FBI, a well-defined division of labor:

- Programmers who develop Trojans and other malware to steal financial information
- Distributors who establish online marketplaces and sell stolen information
- Fraudsters who develop phishing scams and other social engineering schemes to lure victims into revealing information
- Cashiers and money mules (low-level participants who use their accounts in the money transfer process)

This division of labor is expected. The skills needed to create a Trojan are different from those needed to write a convincing phishing email. Ironically, the underground market must be based on trust that participants will not violate understood rules of exchange. Within the confines of the Internet crime marketplace, there is a need for distributors who can establish online exchanges and run them in a trustworthy manner. There is also a need to move money out of the underground market and into the business and consumer markets. This job requires a set of skills that allows one to bridge the underground and legitimate markets.


Market Forces

Prices appear to be set in the underground market similarly to the way prices are set in legitimate free markets: by supply and demand. For example, Panda Security reports on the cost of a number of different products in their report The Cyber-Crime Black Market. Stolen credit card details will cost you between $2 and $90 (the price will vary depending on factors such as credit limit, amount of card detail available, and time since the number was stolen). Bank credentials cost between $80 and $700; the higher-priced credentials come with balance guarantees. Bank transfer and check cashing services are provided at rates from 10% to 40% of the transaction total. Those criminals that like to operate in the physical realm can purchase credit card cloners for anywhere from $200 to $1000, but a fake ATM card can cost up to $35,000.

Of course, there is competition in the underground market, so there will be innovative ways to distinguish offers based on more than price. The Panda Security report noted that offers sometimes come with try-and-buy demos, bulk discounts, and even customer service and support.

Another indicator of the maturity of the market is the way prices for stolen goods are influenced by the laws of supply and demand. Too much supply will drive down prices. In the spring of 2011, the Sony PlayStation Network was attacked and information from 101.6 million customers was stolen (Source: https://www.privacyrights.org/data-breach-asc?title=Sony). Sony and their customers were not the only ones concerned about this massive breach; other cybercriminals were concerned that an influx of a large number of new stolen credit cards would drive down the price for their stolen goods. The New York Times quoted Kevin Stevens, a senior researcher at Trend Micro, as reporting, "There was a lot of discussion taking place in hacker forums about the Sony data breach. Several credit card dealers are worried that the distribution of millions of credit cards would flood the market and lower prices." And a Europe-based hacker who was not further identified indicated, "We're keeping a close eye on the Sony story as it would drastically affect the resale of other cards." (Source: Nick Bilton, "How Credit Card Data Is Stolen and Sold," The New York Times, May 3, 2011). Given the dynamics of the underground cybercrime market combined with the risk of large swings in supply, it is prudent for the risk-averse cybercriminal to diversify.

Diversification in the Cybercrime Markets

Cybercriminals can diversify in the way they attack their victims and in the way they select their targets. Cybercriminals diversify the distribution of malware and infect devices around the globe. The Anti-Phishing Working Group (http://www.antiphishing.org/) reports that more than 10 million malware samples were detected in the second half of 2010. In addition, at least 10 countries have infection rates greater than 50% (see Figure 2.1).


Figure 2.1: High malware infection rates (above 50%) are seen across the globe. The United States ranked 22nd in the list with a 45.32% infection rate.

Diversification is also a factor with regard to victims. At least in the United States, there is a somewhat balanced distribution in the age of cybercrime victims, according to FBI statistics (see Figure 2.2).

Figure 2.2: Reports of Internet crime to the FBI are fairly evenly distributed across age groups, with under-20-year-olds faring the best.


Criminals are not as diverse in the industries they target; financial services and payment services are still leading targets for obvious reasons. Figure 2.3 shows the top targeted industries in the fourth quarter of 2010, according to the Anti-Phishing Working Group.

Figure 2.3: Diversity does not extend as much to the industries targeted. Financial services and payment services account for more than three quarters of phishing scams (Source: Anti-Phishing Working Group, Phishing Activity Trends, 2nd Half 2010).

In addition to diversifying the resources used to commit cybercrime, we have witnessed a growth in the amount of cybercrime.

Growth in Cybercrime

There is little doubt that cybercrime is growing. We have already noted the increasing sophistication of underground markets, the division of labor among cybercriminals, high malware infection rates in some parts of the world, and even the effects of market forces on the criminal enterprise at large. There are also statistics that provide evidence for the increase in the number of cybercrimes. Figure 2.4, for example, shows an increasing number of cybercrimes reported per year between 2000 and 2010.


Figure 2.4: The number of Internet crime complaints filed with the US Federal Bureau of Investigation (FBI) is another indicator that cybercrime is an established, ongoing, and growing problem (Source: FBI, 2010 Internet Crime Report).

There is a growing supply of malicious software and methods for distributing malware that can be used to execute cybercrimes:

- A few years ago, Panda Security reported receiving 500 new threats per day; today they receive 63,000 new threats per day (Source: Panda Security, The Cyber-Crime Black Market).
- McAfee processed 55,000 pieces of new malware every day in 2010 (Source: http://blogs.mcafee.com/corporate/cto/global-energy-industry-hit-in-night-dragon-attacks).
- In the 15-year period from 1991 to 2006, Panda Security compiled a database of 92,000 strains of malware; in 2009, that number reached 40 million; and in 2010, the number jumped to 60 million (Source: Panda Security, The Cyber-Crime Black Market).
- Symantec has found that enterprising attackers buy ad space and use traffic distribution systems (that is, vendors that buy and sell Web traffic), avoiding the need to infect Web sites. This process has become another common method for distributing malicious code (Source: Symantec, Web-Based Malware Distribution Channels: A Look at Traffic Redistribution Systems).
- The increasing use of shortened URLs helps to mask malicious sites. In one study of malicious shortened URLs posted to social networking sites, 88% of the malicious links were clicked at least once (Source: Symantec, Taking the Shortcut to Malicious Attacks).


The extent of cybercrime and the means by which it is executed are both growing and, unfortunately, there is little in the data to suggest the trend will change in the foreseeable future. In fact, as Symantec has summarized, the threats in the past decade have become increasingly sophisticated; see A Decade in Review: Cybercriminal Motivations behind Malware for a timeline of major cybercrime events in the past 10 years.

Cybercrime is clearly a well-established, professional, and illegal industry. Business data, especially personal consumer data, is a highly valued target. This puts pressure on businesses to protect that data, and well-publicized data breaches can lead customers to question the protections in place around their information. This reality ultimately undermines trust in the ability of the business to perform online transactions without compromising personal information.

Automation of Vulnerability Scanning

The proliferation of cybercrime has been enabled, in part, by the emergence of a professionally run cybercrime market. Another factor in favor of cybercriminals is the availability of technology for vulnerability scanning. One can imagine the (false) sense of security you could develop by assuming that, with all the devices on the Internet, the chances of an attacker finding one of your servers and detecting an unpatched application or a misconfigured service are slim. This kind of reasoning fails to account for security tools that can be used either to help lock down devices or to exploit them.

Automated vulnerability scanning tools can be used to discover devices, assess configurations, detect access to sensitive data, and determine whether a version of an application with a known vulnerability is running on a device. Vulnerability scanning tools are valuable to security and network professionals working on identifying and correcting weaknesses. They are equally useful to cybercriminals in identifying and exploiting weaknesses.

Cybercriminals function under business drivers similar to those of legitimate businesses, including the need to perform operations more efficiently and to develop business practices that allow them to scale to market demands and opportunities. Automation of repetitive tasks, such as looking for vulnerabilities in Windows and Linux servers, is one way to improve attacker productivity. Automated vulnerability scanners can be used to sweep a wide range of IP addresses looking for vulnerable systems and applications, or they can be used in more targeted attacks.
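The version check at the core of that "find the unpatched application" step is simple enough to show in full. The following is an added example, not code from the book or from any real scanner: it parses Product/Version banners as a discovery sweep collects them and flags versions older than a fix. The products (ExampleHTTPd, ExampleSSH), hosts and the FIXED_IN table are constructed placeholders and do not describe real software or real advisories.

```python
"""Banner-based version check of the kind automated vulnerability scanners run across an address range.

Added example for this chapter, not code from the book. The products, versions, hosts and the
FIXED_IN policy table below are constructed for illustration and do not describe any real software.
"""
import re
from typing import Optional

# Hypothetical policy: product -> first version that carries the fix. Older versions are flagged.
FIXED_IN = {
    "ExampleHTTPd": "2.4.10",
    "ExampleSSH": "6.1",
}

# "Product/Version" banners as returned by HTTP Server: headers or SSH identification strings.
BANNER_RE = re.compile(r"^(?P<product>[A-Za-z][A-Za-z0-9_-]*)/(?P<version>[0-9][0-9A-Za-z.]*)")


def parse_version(text: str) -> tuple:
    """Turn '2.4.10' into ((2, ''), (4, ''), (10, '')) so that components compare numerically.

    A trailing letter suffix such as 'p1' stays attached to its component and sorts after the
    bare number. Plain string comparison would wrongly rank '2.4.9' above '2.4.10'.
    """
    parts = []
    for piece in text.split("."):
        m = re.match(r"(\d+)(.*)$", piece)
        if m is None:
            raise ValueError(f"unparseable version component: {piece!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def parse_banner(banner: str) -> Optional[tuple]:
    """Return (product, version) from a banner, or None when the banner carries no version."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    return m.group("product"), m.group("version")


def is_below_fix(product: str, version: str) -> bool:
    """True when the observed version predates the fixed version recorded for the product."""
    fixed = FIXED_IN.get(product)
    if fixed is None:
        return False
    return parse_version(version) < parse_version(fixed)


def scan(records) -> list:
    """records: (host, port, banner) tuples as a discovery sweep would collect them.

    Returns one finding per host whose banner announces a version older than the fix.
    """
    findings = []
    for host, port, banner in records:
        parsed = parse_banner(banner)
        if parsed is None:
            continue
        product, version = parsed
        if is_below_fix(product, version):
            findings.append((host, port, product, version, FIXED_IN[product]))
    return findings


# Constructed banners standing in for what a scanner would see on a small subnet.
SAMPLE_BANNERS = [
    ("10.0.0.5", 80, "ExampleHTTPd/2.4.9"),
    ("10.0.0.6", 80, "ExampleHTTPd/2.4.10"),
    ("10.0.0.7", 22, "ExampleSSH/5.9p1"),
    ("10.0.0.8", 22, "ExampleSSH/6.1"),
    ("10.0.0.9", 8080, "no banner"),
]

if __name__ == "__main__":
    for host, port, product, version, fixed in scan(SAMPLE_BANNERS):
        print(f"{host}:{port} runs {product} {version}, fixed in {fixed}")
```

Two points for the defender reading this: the same sweep an attacker runs takes seconds per subnet, so "nobody will find this server" is not a control; and banner matching produces false positives where a distribution backports a fix without bumping the version, so confirm findings before patching in a panic, but do not assume the attacker will be that careful.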

Emergence of APTs

A common motif in modern heist movies is the need for strategic planning and detailed tactical moves before the theft can be accomplished. Movies about 1920s bank robberies could work with a handful of bank robbers rushing into a bank with guns and minutes later running out to the getaway car with bags full of cash. That storyline needs to be revised in order to seem realistic by today's standards. Security at modern banks, casinos, and other likely targets demands more insider knowledge of weaknesses and finesse when it comes to execution. This applies to cybercrimes as well.


Well-funded and determined attackers can use an attack structure known as an APT to breach the security of a highly valued target. APTs are characterized by:

- Targeting a single entity
- Intelligence gathering
- Multiple modes of attack
- Incremental breaches
- Exploiting humans with social engineering attacks

Malware plays a central role in APTs, but they are more than viruses. Malware can be injected into a victim's device by luring the victim to a site controlled by the attacker and convincing the victim to download a file, or by finding a weakness in perimeter defenses or a vulnerability in an application that allows malware to be injected. The chances of an antivirus program detecting the malware are reduced by the fact that malware developers can test their Trojans and other malware against antivirus software before it is deployed and craft the malware to avoid detection.

The scope of an APT can be substantial:

- In 2009, a coordinated attack using social engineering, intelligence gathering, breaches of perimeter defenses, and SQL injection attacks was used against oil, gas, and petrochemical companies. The attack targeted resources and personnel in the United States, the Netherlands, Kazakhstan, Taiwan, and Greece (Source: McAfee, Global Energy Cyberattacks: Night Dragon, Feb. 10, 2011).
- In 2010, researchers discovered a coordinated attack on business, government, and academic computers targeting politically sensitive information related to the Indian government and the Dalai Lama's office (Source: Information Warfare Monitor, Shadows in the Cloud: An Investigation into Cyber Espionage 2.0).
- In 2011, McAfee reported on Operation Shady RAT, a multi-year APT that targeted more than 70 business, government, and even non-profit organizations (Source: McAfee, Revealed: Operation Shady RAT).

Not all APTs are broadly targeted, though. In 2011, Symantec made public its analysis of the Duqu malware, which uses pieces of the well-known Stuxnet malware that targets industrial machinery controls. Duqu is designed to gather intelligence on specific industrial targets (Source: Symantec, Duqu: The Precursor to the Next Stuxnet). Such attacks may not garner attention-grabbing headlines, but they pose significant risks to the targeted victims.

The impact of APTs can be substantial because intellectual property is often the target. Competitors who can steal bids for major contracts or product designs can negate any competitive advantage the victim may have had. Until recently, APTs have not garnered the attention of the press in the same way data leaks do. Reporting on the loss of millions of customers' personal data is relatively easy, but tracking down and explaining the details of a long-term, sophisticated cyberattack is much more difficult.


The evolution of cybercrime has reached a point where threats are continuous, targeted, and increasingly well known. Data breaches are readily understood even by those without a background in IT, and can undermine customers' confidence in their ability to conduct business online. The sophistication of APTs threatens businesses' ability to conduct internal operations without loss of information confidentiality and information integrity. Next, we will examine ways in which confidentiality and integrity can be compromised.

Risk of Data Loss and Threats to Information Security

Data loss can occur in many ways, from eavesdropping and mistaken identities to insider abuse and improperly managed access controls.

Intercepting Communications

Communications and data transfers can follow many routes from one point to another. Remote sites and traveling executives may have to use the public Internet to access resources at corporate headquarters. This can present an opportunity for an attacker who has targeted that business or executive. Unless the communications are encrypted, typically using an SSL-based mechanism, they are at risk of interception by a man-in-the-middle attack (see Figure 2.5).

Figure 2.5: Unencrypted communications can be intercepted using a man-in-the-middle attack. A user believes there is a direct and secure line of communications (green) when in fact the line of communication is being intercepted (red).


This type of attack can be avoided by deploying communication services that encrypt data before it is sent over the Internet. Virtual private networks (VPNs) can do this for all network communication. Alternatively, users can establish secure connections to servers that have an SSL certificate and can establish encrypted communications channels with other devices. Note that encryption alone defeats only passive eavesdropping; against an active man-in-the-middle, the client must also verify that it is talking to the genuine server, which is the job of the certificate-based authentication described in the next section.
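To make the difference concrete, the following added example (not code from the book) plays the role of the observer in Figure 2.5 and examines one captured request in each form. For a plaintext HTTP login it recovers the host, the Basic-auth credentials and the posted form fields; for the same login over TLS it can only parse the ClientHello and read the server name from the SNI extension, because everything after the handshake is ciphertext. Both "captures" are constructed in the file (the TLS one by a small builder), and portal.example.com, alice and the password are placeholders.

```python
"""What an on-path observer learns from one captured request: plaintext HTTP versus TLS.

Added example for this section, not code from the book. Both "captures" are constructed
in this file; no real traffic is read. The host names and credentials are placeholders.
"""
import base64
import struct
from urllib.parse import parse_qsl


def parse_http_request(payload: bytes) -> dict:
    """Pull method, path, host, Basic-auth credentials and form fields out of a plaintext request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    credentials = None
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        credentials = base64.b64decode(auth[6:]).decode("utf-8")
    return {
        "kind": "http",
        "method": method,
        "path": path,
        "host": headers.get("host"),
        "credentials": credentials,
        "form": dict(parse_qsl(body.decode("utf-8", errors="replace"))),
    }


def parse_tls_client_hello(payload: bytes) -> dict:
    """Walk a TLS record carrying a ClientHello and extract the server_name (SNI) extension.

    Everything else in the handshake is random or negotiation data, and the application
    data that follows is encrypted, so the observer gets the host name and nothing more.
    """
    if payload[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_len = struct.unpack_from("!H", payload, 3)[0]
    hs = payload[5:5 + record_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4                                             # handshake type (1) + length (3)
    pos += 2 + 32                                       # client_version + random
    pos += 1 + hs[pos]                                  # session id
    pos += 2 + struct.unpack_from("!H", hs, pos)[0]     # cipher suites
    pos += 1 + hs[pos]                                  # compression methods
    ext_end = pos + 2 + struct.unpack_from("!H", hs, pos)[0]
    pos += 2
    sni = None
    while pos + 4 <= ext_end:
        ext_type, ext_len = struct.unpack_from("!HH", hs, pos)
        pos += 4
        if ext_type == 0x0000:   # server_name: list length (2), name type (1), name length (2), name
            name_len = struct.unpack_from("!H", hs, pos + 3)[0]
            sni = hs[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return {"kind": "tls", "host": sni, "credentials": None, "form": {}}


def observe(payload: bytes) -> dict:
    """Dispatch on the first bytes, the way a passive sniffer would."""
    if payload[:1] == b"\x16":
        return parse_tls_client_hello(payload)
    if payload.split(b" ", 1)[0] in {b"GET", b"POST", b"PUT", b"DELETE", b"HEAD"}:
        return parse_http_request(payload)
    return {"kind": "unknown", "host": None, "credentials": None, "form": {}}


def build_client_hello(server_name: str) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record with one cipher suite and an SNI extension."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name                 # host_name type + name
    sni_ext = struct.pack("!HHH", 0x0000, len(entry) + 2, len(entry)) + entry
    body = (
        b"\x03\x03" + b"\x11" * 32                      # version, fixed bytes in place of random
        + b"\x00"                                       # empty session id
        + struct.pack("!H", 2) + b"\xc0\x2f"            # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        + b"\x01\x00"                                   # null compression only
        + struct.pack("!H", len(sni_ext)) + sni_ext
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed plaintext login request, as the executive's laptop would send it without SSL.
_FORM = b"account=4711&otp=123456"
CAPTURED_HTTP = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: portal.example.com\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:Winter2012!") + b"\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(_FORM)).encode() + b"\r\n"
    b"\r\n" + _FORM
)
CAPTURED_TLS = build_client_hello("portal.example.com")
```

Run observe() on each capture: the HTTP record yields the password and the one-time code, the TLS record yields only the host name. That residual leak (the SNI, plus packet sizes and timing) is worth remembering when deciding whether a VPN is needed in addition to SSL for a given executive.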

Spoofing

Spoofing is another way of stealing information that depends on tricking users into believing a malicious server or other device is actually a legitimate device. Spoofing can be mitigated by deploying SSL certificates on servers. Doing so allows users to authenticate the server (that is, verify the server is actually the one it appears to be) before transmitting sensitive data. SSL certificates can be provided by trusted third parties who verify the identity of the organization requesting the certificate. The certificates are designed to identify a server (or group of servers, depending on the type of SSL certificate). If a digital certificate for one server were stolen and placed on another server with a different name, a warning message would be generated during the authentication process, because the name in the certificate would not match the host name the user requested. (A certificate alone is not enough to impersonate a server in any case; the attacker would also need the corresponding private key.)

Common Internet browsers are all configured with information about the major SSL certificate providers. If a user were to navigate to a spoofed server with an invalid certificate, the browser could immediately display a warning indicating the spoofed server is not actually the one it purports to be.
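The checks behind that browser warning are worth seeing spelled out. The following added example (not code from the book or from any browser) runs them over certificate data in the dict shape that Python's ssl.SSLSocket.getpeercert() returns: does a name in the certificate match the requested host (with wildcard rules applied strictly), is the certificate within its validity period, and was it issued by a trusted provider? The certificates, host names and the TRUSTED_ISSUERS set are constructed; the issuer-name lookup stands in for the signature-chain verification a real client performs against its root store.

```python
"""The checks a client performs on a server certificate before trusting it, run over certificate
data in the dict shape Python's ssl.SSLSocket.getpeercert() returns.

Added example for this section, not code from the book. The certificate dicts, host names
and the TRUSTED_ISSUERS set are constructed; no real CA or key material is involved.
"""
import ssl
from datetime import datetime, timezone

# Simplified stand-in for a browser's root store: issuer names the client trusts. A real client
# holds CA certificates and verifies the signature chain; this name lookup only marks where the
# "was this issued by one of the major providers?" decision happens.
TRUSTED_ISSUERS = {"Example Trusted CA"}


def san_dns_names(cert: dict) -> list:
    """DNS names the certificate was issued for (subjectAltName entries of type DNS)."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style matching: case-insensitive; a wildcard must be the entire leftmost label,
    matches exactly one label, and is refused on patterns as short as '*.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def issuer_common_name(cert: dict):
    """Common name of the issuer, from the nested RDN tuples getpeercert() uses."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_certificate(cert: dict, hostname: str, now: datetime) -> list:
    """Return the reasons a client would warn; an empty list means the server authenticated."""
    problems = []
    names = san_dns_names(cert)
    if not any(dns_name_matches(n, hostname) for n in names):
        problems.append(f"hostname mismatch: certificate names {names}, requested {hostname}")
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    if issuer_common_name(cert) not in TRUSTED_ISSUERS:
        problems.append("issuer not trusted")
    return problems


# Constructed certificate for the genuine portal, in getpeercert() shape.
PORTAL_CERT = {
    "subject": ((("commonName", "portal.example.com"),),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "subjectAltName": (("DNS", "portal.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan 01 00:00:00 2012 GMT",
    "notAfter": "Dec 31 23:59:59 2013 GMT",
}
# A spoofing server that minted its own certificate for the same name: right name, wrong issuer.
SELF_SIGNED_CERT = dict(PORTAL_CERT, issuer=((("commonName", "portal.example.com"),),))
NOW = datetime(2012, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, cert, host in [("genuine", PORTAL_CERT, "portal.example.com"),
                              ("copied to another host", PORTAL_CERT, "portal.example.net"),
                              ("self-signed spoof", SELF_SIGNED_CERT, "portal.example.com")]:
        print(f"{label}: {check_certificate(cert, host, NOW) or 'ok'}")
```

The wildcard rule is the part most often got wrong in home-grown clients: "*.example.com" must cover www.example.com but not a.b.example.com, and "w*.example.com" or "*.com" must not be honoured at all, otherwise a certificate obtained for one name authenticates far more than it should.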

Directed Attacks: APTs and Insider Abuse

Another set of risks to businesses, governments, and other organizations is directed attacks. In addition to APTs, another potential avenue of data loss is insider abuse. Insiders are employees, contractors, and others with legitimate access to information. The ways insiders can steal or leak sensitive data are limited only by their imagination. The Privacy Rights Clearinghouse (http://www.privacyrights.org) maintains a database of breaches that includes details on the ways data is lost. Some of the more recent cases of insider abuse have included:

- A waiter stealing credit card details of customers.
- A Veterans Affairs worker using personal patient information to create fraudulent dependent information and then using his tax preparation business to submit fraudulent tax returns.
- A medical center employee stealing information about persons responsible for medical bill payment, which was then used by co-conspirators to open credit cards and obtain cash advances.
- A bank employee disclosing customer names, Social Security numbers, driver's license numbers, bank account numbers, and other details to co-conspirators in an identity theft ring.

Even when sound practices are employed, such as limiting access to data to only those that need it and separating duties to reduce the risk that a single person could commit fraud, determined insiders can still succeed in stealing sensitive information.



Improperly Managed Access Controls

Another risk for data loss comes from improperly managed access controls. A telling example was recently reported by the Associated Press in "New Data Spill Shows Risk of Online Health Records." The article describes a case in which medical information about 300,000 Californians was available for public viewing. A privacy researcher, Aaron Titus, found the information using Internet searches and then contacted the firm hosting the data (as well as the press). The data was intended to be used only by employees with a legitimate need for it, but proper access controls were not in place, in violation of the firm's policies.

Poorly managed and implemented access controls will not necessarily result in public disclosure, but they can create additional risks nonetheless. For example, when an employee who is responsible for accounts payable is transferred to work on accounts receivable, his access permissions should be revised to remove access to accounts payable systems. Failure to do this can undermine the separation of duties principle and create an opportunity for abuse. There are a wide variety of risks to the confidentiality and integrity of data, from intercepted communications and spoofing to insider abuse and mismanaged access controls.
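The accounts payable transfer above is exactly what a periodic access review is meant to catch. The following added example (not code from the book) encodes a small conflict table of role pairs one person must never hold together, checks an access export against it, and contrasts the transfer done as a bare grant with the transfer done as grant-plus-revoke. The role names, the conflict table and the user records are constructed placeholders; map them onto your own IAM export before use.

```python
"""Separation-of-duties review over an access-control export.

Added example for this section, not code from the book. The role names, the conflict table and
the user records are constructed; map them onto your own IAM export before use.
"""
from collections import defaultdict

# Role pairs one person must never hold at the same time (hypothetical policy for a finance system).
CONFLICTING_ROLES = [
    frozenset({"ap_clerk", "ar_clerk"}),        # pays vendors and records customer receipts
    frozenset({"ap_clerk", "ap_approver"}),     # enters and approves the same payments
    frozenset({"vendor_admin", "ap_clerk"}),    # creates vendors and pays them
]


def roles_by_user(grants) -> dict:
    """grants: (user, role) rows as an IAM export lists them; returns user -> set of roles."""
    by_user = defaultdict(set)
    for user, role in grants:
        by_user[user].add(role)
    return by_user


def find_sod_violations(grants) -> list:
    """Every (user, conflicting pair) where the user holds both roles of a forbidden pair."""
    violations = []
    for user, roles in sorted(roles_by_user(grants).items()):
        for pair in CONFLICTING_ROLES:
            if pair <= roles:
                violations.append((user, tuple(sorted(pair))))
    return violations


def grant_only(grants, user, new_role) -> list:
    """The transfer done wrong: the new role is added and the old one is left in place."""
    return list(grants) + [(user, new_role)]


def transfer(grants, user, old_role, new_role) -> list:
    """The transfer done right: revoke the old role in the same change that grants the new one."""
    kept = [(u, r) for u, r in grants if not (u == user and r == old_role)]
    return kept + [(user, new_role)]


# Constructed export: dana is being moved from accounts payable to accounts receivable.
GRANTS = [
    ("alice", "ap_approver"),
    ("bob", "ar_clerk"),
    ("dana", "ap_clerk"),
    ("erin", "vendor_admin"),
]

if __name__ == "__main__":
    print("after grant only:", find_sod_violations(grant_only(GRANTS, "dana", "ar_clerk")))
    print("after transfer:  ", find_sod_violations(transfer(GRANTS, "dana", "ap_clerk", "ar_clerk")))
```

Running find_sod_violations() over the export after every change, or at least on a schedule, turns the separation-of-duties principle from a policy statement into something that fails loudly when a transfer is handled as a grant without the matching revocation.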

Impact of the New Security Landscape on Customer Trust

We could easily keep our focus on the internal consequences of the new security landscape. We could concern ourselves with hardening our defenses, improving our auditing and monitoring procedures, and other measures that reduce the risk that an attack would be successful. We could do this and we would be justified in doing it, but we would also be missing an important aspect of these risks: their impact on customer trust.

Well-Publicized Data Breaches and Attacks

You do not have to be an IT professional to be aware of the state of information security these days. The popular press seems to have an almost steady stream of stories about security risks, data breaches, and hacking attempts.

It is not just the American press that is publishing information security stories; this is a global phenomenon:

- The Hong Kong Stock Exchange suspended trading on seven stocks after the exchange's Web site was attacked and sensitive results were released, according to TG Daily (Source: Hong Kong Stock Exchange Hacked, Aug. 10, 2011).
- Private information on 35 million customers of Epson Korea was stolen after the company Web site was hacked. Information disclosed included names, user IDs, passwords, and resident registration numbers, according to the Yonhap News Agency (Source: Epson Korea Says 35 Million Customers' Data Hacked, Aug. 20, 2011).



Stories about financially motivated attacks are complemented by what might be called human-interest cybercrime cases:

- The Guardian reports on a case demonstrating that attacks are not always financially motivated, describing a 33-year-old attacker's actions: "He accessed highly personal data and photographs in a sophisticated email scam from his mother's front room, taking control of some victims' webcams remotely to see inside their homes, at one point boasting to a friend that he made a teenage girl cry by doing so." (Source: Computer Expert Jailed after Hacking Victims' Webcams, Nov. 23, 2010).
- Following the phone hacking scandal at the British newspaper News of the World that became public in the summer of 2011, Scotland Yard began an investigation into computer hacking by the organization, according to The Guardian. This was spurred in part by allegations that a former army intelligence officer received an email with a Trojan program that copied emails from the victim and sent them to the attacker (Source: Scotland Yard to Set Up New Computer Hacking Task Force, July 29, 2011).

Governments and political organizations have also been targeted for organized attacks. Examples include:

• Deutsche Welle reports in 2010 that new national identity cards provided to German citizens, which were supposed to improve security for online transactions, were easily hacked by members of the Chaos Computer Club (Source: "New German ID card easily hacked by ordinary computer nerds," Sep. 23, 2010).
• A Taiwanese presidential campaign was attacked and the attack targeted planning information. Police were investigating allegations that the attackers were backed by the Chinese state, according to the Times of India (Source: "Taiwan Police Probe China Hacking Claim," Aug. 11, 2011).

Based on even this small sample we can begin to see that the concern about data breaches and persistent cybercrime exists to some extent anywhere there is Internet access and online transactions.

Well-Publicized Cybercriminal and Hacking Organizations

Decades ago, only insiders would recognize the name of hacking groups like the Chaos Club, but today, groups like Anonymous and LulzSec are making headlines along with more threatening organizations, such as the Russian Business Network (RBN) and state-sponsored groups.

LulzSec has claimed responsibility for stealing information from law enforcement agencies, most notably the Arizona Department of Public Safety, as well as businesses such as News Corporation. When compared with organized crime syndicates which commit cybercrimes, groups like LulzSec are more akin to vandals than serious felons. Anonymous has made news with public releases of stolen documents from Bank of America and attacks on Sony, both in response to what the group considered objectionable corporate behavior.


Other organized groups are far more threatening. The RBN is reported to be a group based in Russia that has a history of developing malware, conducting Denial of Service (DoS) attacks, and providing spam services. They have also been implicated in the theft of tens of millions of dollars from Citibank in 2009 (Source: ComputerWorld, "Report: Russian Gang Linked to Big Citibank Hack," Dec. 22, 2009).

More recently, news stories highlighted Operation Shady RAT, the widespread APT attack on more than 70 organizations, and Night Dragon, the targeted attack on gas, oil, and petrochemical companies. These attacks have implicated state actors.

Stories about organizations ranging from cyber vandals to state-sponsored cybercriminals will likely add to the popular concern about information security generated by a near continuous stream of stories from around the globe about data breaches and cyber attacks. This is not just a law enforcement problem or a public policy issue. How we as consumers and customers respond to these threats can directly impact the effectiveness of online services.

Potential Impact to Building Trust Online with Customers

Customers are justified if they are concerned about the security of their personal and financial information online. It is not unreasonable to think that customers will make choices based on how well they think a company will protect their information in much the same way they now consider price, product quality, and customer service.

Businesses should consider how new evaluation criteria that include security considerations will affect them. One can begin by understanding the security concerns customers may have, such as:

• Concern for identity theft
• Concern for credit card fraud
• Loss of privacy

Organizations such as banks and hospitals that require more personal and financial information than many businesses are likely to be especially aware of concerns about identity theft. Businesses that provide services to banks, hospitals, governments, and similar organizations that may house substantial amounts of confidential information must ensure it stays protected. For example, the inadvertent release of patient data in California occurred at a firm providing services to medical providers; it was not a medical provider itself.

The need to protect credit card information is more widespread. Many of us use credit cards and debit cards routinely during the day. The payment card industry has established data security standards that card processors must comply with. These are designed to protect both customers and banks from fraud and abuse. The payment card industry is built on a web of trust. Customers and vendors trust the bank to pay the vendor, banks trust customers to pay their bills, banks trust vendors to charge accurately, and they all trust each other to maintain the integrity of the system.


The loss of privacy can be even more of a threat to some people than the financial risk associated with credit card fraud or identity theft. Someone with a history of psychiatric treatment may fear for his job if an employer were to find out about it. Someone who lives in fear of abuse may not want her address disclosed. The disclosure of private information can have unknown and severe consequences for customers, clients, and patients.

Information security threats are real and substantial. Customers would not be irrational to consider how they can best protect themselves from personal or financial harm, and that may include assessing which businesses to trust with their information.

How Businesses Can Respond to Information Loss

It is clear that it is in the best interest of businesses, governments, and other organizations to mitigate the risk of information loss. The question is "How?" Answering that question is the subject of many books, articles, conference presentations, and other resources, which is an indication of just how difficult the task is.

Although we cannot give a detailed answer to that question, we can outline some of the characteristics of the answer. First and foremost, there is no single solution, no silver bullet. Protecting information in today's online ecosystem requires a wide array of security controls and measures, such as:

• Reliable and trustworthy authentication of persons and devices
• Strong encryption for data at rest and data in transit
• Access controls appropriate with the need to perform business functions
• Separation of duties
• Malware protection
• Properly configured and patched operating systems (OSs) and applications
• Constant monitoring and analysis
• Vulnerability scanning and automatic remediation to correct known vulnerabilities
• Intrusion detection to detect potentially malicious activities

In addition to these technical measures, organizations should have well-defined policies and procedures in place that document when to use authentication mechanisms such as SSL certificates, what kinds of information should be encrypted, and what kinds of monitoring procedures should be in place. Policies that are not enforced are of no help. Governance practices need to be in place to ensure that policies are implemented as expected. It is little consolation to a customer who has her personal financial information disclosed that the business had an outstanding privacy protection policy but it just wasn't followed.


Many of these measures are essentially behind the scenes from the customer's perspective. Security provided by SSL certificates, like authenticating a server or encrypting a browser session, is visible to customers, thanks to cues like locks and green bars used with Extended Validation SSL Certificates, as Figure 2.6 shows. (There will be more on this topic in the next chapter).

Figure 2.6: Visual cues, such as the lock and green colored text, can help to indicate to customers that a site has been authenticated and communication between the browser and the Web site is encrypted.

Summary

Businesses face a double threat from cybercriminals: the loss of information and the loss of customer trust. You do not have to be an IT professional to have an understanding of the risk of data losses and the subsequent fraud and identity theft that can follow. The security landscape is becoming increasingly complex and threatening. Cybercrime is highly professional, to the point where underground markets function much as legitimate business markets do. Organized crime and state actors are realizing the benefits of information theft. The potential payoffs are substantial and as a result organized entities are willing to spend considerable time and money to launch APTs. Meanwhile, the public catches glimmers of what is happening through a fairly steady stream of news stories from around the globe about data breaches and hack attacks. In addition to security measures, businesses can help mitigate the impact of cybercrime by taking steps to build and preserve customer trust.


Chapter 2: How SSL Certificates Can Protect Online Business and Maintain Customer Trust


What underlies SSL certificates is a well-established method for securing communication and authenticating services. To better understand how SSL certificates can protect online business, it helps to know something about the inner workings of SSL. Working with SSL certificates is a bit like driving a car: you do not need to be an auto mechanic to drive a car, but it can help to know the basics of how your engine and transmission work.

This chapter is organized into three sections:

• How SSL certificates work
• Web applications with and without SSL certificate protection
• Authentication and trust

The first section looks under the hood of an SSL certificate to describe its components and how they work to secure communications and support authentication. The second section continues the look-under-the-hood approach and considers how an application without SSL certificate protections operates differently than one using SSL certificates. In the third section, continuing our regimen of delving into the implementation details of SSL certificates, we look at how SSL certificates are created, the different types of SSL certificates, and the role of SSL certificate providers in establishing and maintaining a trust relationship between providers of SSL certificates, businesses that use them, and customers that expect the kinds of protections they provide.

How SSL Certificates Work

When we receive an SSL certificate from a provider, we receive a file. That may seem like a bit of a letdown at first. After all, this is something that will be used to encrypt communications and provide evidence for identity claims of servers. These are fairly important tasks, and they are all enabled because of one small file? Well, yes and no.


Yes, the SSL certificate file is essential for providing encryption and authentication services, but it is really just one part of a more complex set of protocols. Actually, an SSL certificate by itself would be of little use to you if it weren't for the established protocols that make use of the information stored within the SSL certificate file. The important security tasks are not enabled solely because of an SSL certificate file. It is the combination of the SSL certificate and the protocols that define how it is used that provide the security controls we seek. Let's take a look inside an SSL certificate and then examine the protocols that make use of it.

Components of an SSL Certificate

Figure 2.1 shows the components of an SSL certificate. SSL certificates use the X.509 certificate structure, which includes information about the subject, such as a domain, and the encryption algorithm used to create encrypted data that can uniquely identify an entity (these are known as signatures):

Figure 2.1: The data structure for representing an SSL certificate is based on the X.509 certificate standard.


• The version number indicates which version of the X.509 specification is used. Newer versions support additional extensions and a unique identifier.
• The serial number is a unique number assigned by the certifying authority that issued the certificate. Certifying authorities are responsible for tracking these numbers so that the combination of issuer and serial number is unique across all X.509 certificates.
• The algorithm ID (referred to as a signature in the X.509 specification) is the identifier of the algorithm used by the certifying authority to generate the certificate.
• The issuer is the name of the certifying authority that issued the certificate. In addition to the name of the issuer, this field can contain the location of the issuer and the organizational unit within the issuing company that was responsible for creating the certificate.
• The validity section includes two dates, one marking the start period for which the certificate is valid and one indicating the end date that it is valid.
• The subject field is the name of the entity requesting the certificate. This name is in the form of a distinguished name that is unique to that entity within the certifying authority. Like the issuer field, this attribute can contain information about the subject's location and the organizational unit within the entity that requested the certificate.
• The subject public key field contains a public key, which is a string of characters, and the name of an algorithm with which the key is used. Why do we need this string of characters known as a public key? This key is part of the technology known as public key cryptography. We do not need to delve into too many details, but it is important to understand the basics. Here is how it works: When someone wants to send you an encrypted message that only you can read, that person would get your public key from your digital certificate. (Actually, she would use a program such as PGP to do this). With that key and the name of the encryption algorithm, the person can then encrypt the message. The public key is not like a key used to open and lock doors. The public key is a one-way key. It's only good for locking (that is, encrypting) but it cannot be used to unlock (that is, decrypt) the message. For that, we need a private key.

The private key is created at the same time as the public key. You can share your public key with anyone who might want to send you an encrypted message and you do not have to worry about them reading an encrypted message someone else sent to you. The only way to decrypt a message encrypted with a public key is to use the corresponding private key. As long as no one else has your private key, they cannot read your encrypted messages.


With Enough Time and Resources

It is not theoretically impossible to read someone else's message without the private key. If you have enough cryptographic knowledge and access to large-scale computing resources (think large secret government agency-level resources), you could eventually decrypt a message without the private key. Unless you are passing around state secrets, the value of the decrypted message probably would not justify the time and expense necessary to try to crack the message. By one estimate, if you could check a billion (1,000,000,000,000,000,000) AES keys per second it would take 3,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 to try all possible keys (Source: Wikipedia, "Brute Force Attack").

• The issuer and subject unique identifiers are used to store identifiers that would uniquely identify an issuer or subject in cases where the name of either entity is reused.
• Extensions were added in version 3 of the X.509 standard and support the use of additional attributes that can be used to store several common extensions as well as private information used within a community of users.

X.509 Certificate Specification

For a more detailed and formal description of the X.509 certificate, see the Internet Engineering Task Force RFC at http://www.ietf.org/rfc/rfc2459.txt.

An SSL certificate contains three broad types of data:

• Information about the subject that owns the certificate and is identified by it
• Information about the certifying authority that issued the certificate
• Cryptographic information such as the subject key and algorithm

You can examine certificates on your Windows devices using the Microsoft Management Console (MMC) and the Certificates Management snap-in (see Figure 2.2). Even if you haven't installed any certificates yourself, you can still view certificates that are installed with the Windows operating system (OS). These are typically for trusted entities like certifying authorities. Your organization may also have installed additional certificates.

Resource

If you are not familiar with the MMC, see "Microsoft Management Console 3.0" at Microsoft TechNet.

Now that we've covered what is in an SSL certificate, let's take a look at how this information is used.


Figure 2.2: The MMC Certificates snap-in tool provides a viewer for reviewing the contents of SSL certificates.

Overview of How SSL Certificates Secure Communications

SSL certificates play a key role in establishing secure communications. They actually provide two services: identifying a party in the communication and providing a public key that can be used to encrypt messages sent back to the server. As we will see, the public key is used to set up a secure communication channel, which is then used to further exchange information and establish an efficient and secure channel for exchanging data.

SSL and TLS: A Rose by Any Other Name?

The Secure Sockets Layer (SSL) protocol is the predecessor of the Transport Layer Security (TLS) protocol. They both are used for securely communicating over the Internet. Although they are different protocols, the general descriptions here address concepts common to both. "SSL certificates" is a common term used to describe digital certificates used for encryption and authentication, so this guide will use the term SSL as synonymous with TLS, as is typically done.


When you navigate to a server using a secure protocol, such as Hypertext Transfer Protocol over SSL (HTTPS), your computer, which we'll refer to as the client, will perform a handshaking protocol to set up a secure communication channel. The steps are as follows:

The client requests a secure connection to a server and presents a list of security mechanisms it supports. These are known as encryption cipher suites that have functions that the client can work with. From the list, the server chooses the most secure option that it is able to support and sends its choice to the client. The server sends its SSL certificate, which includes the server's name, public key, and the identity of the certifying authority.

Next, the client might send a message to the certifying authority to verify that the certificate is still valid. This option is available because it is possible for a certificate to be revoked during its valid period. Revoked SSL certificates can be checked using either the Online Certificate Status Protocol (OCSP) or certificate revocation lists (CRLs).

At this point, the client has authenticated the server and agreed on a cipher suite. The server may optionally request a client's certificate for mutual authentication. This is more likely in cases where the client should be known, such as when using a virtual private network (VPN); mutual authentication is less likely in cases where the client is contacting a public Web site set up for general commerce (see Figure 2.3).

Figure 2.3: Steps to establish a secure connection using SSL certificates.


After the client and server have a secure channel, they can securely exchange information that allows them to create a secure session that is more computationally efficient. The more efficient methods, known as symmetric key cryptography, are faster but require both the client and server to know about a shared key. The next steps allow the client and server to securely exchange such a shared key:

• The client generates a random number and encrypts it with the server's public key.
• The server decrypts the encrypted random number using its private key.
• The client and server establish a secure communication using a shared key and an encryption method that requires only one key for both encryption and decryption.

After completing these steps, the client and server are ready to securely exchange data.
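The handshake steps above, from cipher suite negotiation through the shared-key exchange, as an added walk-through in Python (this is example code written for this guide, not part of the original text or of any SSL library). The cipher suite lists, the certificate fields and the trust store are constructed; the public key step uses textbook RSA with small constructed primes so that every step is visible, which makes it an illustration of the mechanism and nothing more.

```python
"""Simplified SSL/TLS handshake: negotiation, certificate check, key exchange.

Constructed example. Cipher suite names and certificate fields are made up;
the RSA step is textbook RSA on toy-sized primes, for illustration only.
"""
import hashlib
import hmac
import secrets
from datetime import date

# Cipher suites each side supports, strongest first (constructed lists).
CLIENT_OFFER = [
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]
SERVER_PREFERENCE = [
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]


def choose_cipher_suite(client_offer, server_preference):
    """Server picks the strongest suite in its own order that the client also
    offered; None means no overlap and the handshake is aborted."""
    for suite in server_preference:
        if suite in client_offer:
            return suite
    return None


# ---- textbook RSA with toy-sized constructed primes (illustration only) ----
def _modinv(a, m):
    """Modular inverse of a mod m by the extended Euclidean algorithm."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    return old_s % m


def make_toy_keypair():
    p, q = 1000003, 1000033                  # constructed small primes
    n, e = p * q, 65537
    d = _modinv(e, (p - 1) * (q - 1))
    return (n, e), (n, d)                    # (public key, private key)


def rsa_encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def derive_session_key(pre_master, client_random, server_random):
    """Expand the shared secret plus both nonces into the symmetric key.
    HMAC-SHA256 stands in for the TLS pseudo-random function."""
    secret = pre_master.to_bytes(8, "big")
    return hmac.new(secret, b"key expansion" + client_random + server_random,
                    hashlib.sha256).digest()


def handshake(server_cert, server_private_key, trusted_issuers, today):
    """Run the handshake and return a dict describing the outcome."""
    # 1. ClientHello / ServerHello: agree on a cipher suite.
    suite = choose_cipher_suite(CLIENT_OFFER, SERVER_PREFERENCE)
    if suite is None:
        return {"ok": False, "reason": "no common cipher suite"}
    # 2. Client checks the certificate the server sent. A revocation check
    #    against OCSP or a CRL would be performed at this point as well.
    if server_cert["issuer"] not in trusted_issuers:
        return {"ok": False, "reason": "untrusted issuer"}
    if not (server_cert["not_before"] <= today <= server_cert["not_after"]):
        return {"ok": False, "reason": "certificate outside validity period"}
    # 3. Key exchange: the client encrypts a random secret with the server's
    #    public key; only the holder of the private key can recover it.
    client_random = secrets.token_bytes(32)
    server_random = secrets.token_bytes(32)
    n = server_cert["public_key"][0]
    pre_master = secrets.randbelow(n - 2) + 2         # random secret below n
    encrypted = rsa_encrypt(server_cert["public_key"], pre_master)
    recovered = rsa_decrypt(server_private_key, encrypted)
    # 4. Both sides derive the same symmetric session key independently;
    #    an eavesdropper saw only `encrypted`.
    client_key = derive_session_key(pre_master, client_random, server_random)
    server_key = derive_session_key(recovered, client_random, server_random)
    return {"ok": client_key == server_key, "cipher_suite": suite,
            "eavesdropper_sees": encrypted, "session_key": client_key}


def demo(issuer="Example Root CA", today=date(2011, 9, 1)):
    """Constructed server certificate and a handshake against a trust store
    containing only 'Example Root CA'."""
    public_key, private_key = make_toy_keypair()
    cert = {"subject": "www.example.com", "issuer": issuer,
            "not_before": date(2011, 1, 1), "not_after": date(2012, 12, 31),
            "public_key": public_key}
    return handshake(cert, private_key, {"Example Root CA"}, today)


if __name__ == "__main__":
    result = demo()
    print(result["ok"], result["cipher_suite"], result["session_key"].hex())
```

Running the script shows a negotiated suite and a session key that both sides computed without the key itself ever crossing the wire. Once that key exists, a real stack switches to the symmetric cipher named in the negotiated suite; the RSA step is used once per session precisely because it is the expensive part. Whether the server's or the client's ordering decides the suite is a server configuration choice in real deployments; the server-order rule shown here matches the description above.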

Overview of How SSL Certificates Support Authentication

Peter Steiner's iconic 1993 New Yorker cartoon of a couple of dogs in front of a computer with the caption "On the Internet, nobody knows you're a dog" captures a fundamental problem with the Internet: How do we know who we are interacting with? Let's skip the philosophical issues about how we can know something and settle for trusting that someone (or something like a server) is who or what it purports to be.

We have a bit of a circular problem here. We want to know how we can trust someone online when we don't trust them in the first place when they assert to be someone or something. Any of us can set up a server and put up a Web page proclaiming to be a bank. We might even produce an authentic-looking site by copying pages from a real bank. How will customers know the difference? They will know because we will not be able to get an SSL certificate from a trusted certifying authority that vouches for our identity. The major browsers change the display of the navigation bar when displaying content from a site that uses SSL for identification and encryption (see Figure 2.4). Locks are used to indicate encrypted communication. The green bar indicates the use of a special type of SSL certificate known as an Extended Validation (EV) SSL certificate, which we'll talk about a bit later in this chapter.

Figure 2.4: Browsers automatically change the navigation bar display when rendering content from a site with a trusted SSL certificate using encrypted communication.


The changes in the browser display are a visual cue that the site has an SSL certificate that has been provided by a trusted certifying authority. Browsers come preconfigured with a set of trusted certifying authorities. When a connection is made to a server, the server sends its SSL certificate to the browser. The browser then makes a number of checks:

• Verifying that the domain name of the site matches the domain name of the SSL certificate
• Verifying the current date is within the valid date ranges
• Checking the issuer and verifying it is one of the trusted certifying authorities known to the browser

When a certificate is issued by a certifying authority that is not trusted by the browser, most browsers will display a warning message (see Figure 2.5).

Warning messages such as the one that Figure 2.5 shows as a rule should not occur when working with trusted commercial or government sites. You are likely to see a warning if you navigate to a site that is using an invalid certificate or a certificate that was generated by an untrusted authority. Certificates may be invalid because they have expired or the domain name of the site does not match the subject name on the certificate. You may also see such messages when using self-signed certificates, which we create for ourselves, for example, in a development environment.
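The three browser checks listed above, and the warning cases just described (name mismatch, expiry, untrusted issuer, self-signed), as an added example in Python; this is not code from the guide or from any browser. The certificate records are constructed dicts carrying the X.509 fields discussed earlier, and TRUSTED_ROOTS is a made-up stand-in for the browser's preconfigured list of certifying authorities. The name check also handles the single-label wildcard form that real certificates use, which the text does not go into.

```python
"""Browser-style checks on a server certificate (constructed example)."""
from datetime import date

TRUSTED_ROOTS = {"Example Root CA", "Other Trusted CA"}   # constructed trust store
TODAY = date(2012, 6, 1)                                  # constructed "current date"

# Constructed certificate records, as a browser would see them after parsing.
GOOD_CERT = {"subject": "www.example.com",
             "subject_alt_names": ["www.example.com", "example.com"],
             "issuer": "Example Root CA",
             "not_before": date(2011, 1, 1), "not_after": date(2012, 12, 31)}
SPOOFED_CERT = {"subject": "cheap.example.net", "subject_alt_names": [],
                "issuer": "Other Trusted CA",            # valid cert, wrong name
                "not_before": date(2011, 1, 1), "not_after": date(2012, 12, 31)}
SELF_SIGNED_CERT = {"subject": "dev.example.com", "subject_alt_names": [],
                    "issuer": "dev.example.com",           # issuer == subject
                    "not_before": date(2011, 1, 1), "not_after": date(2012, 12, 31)}
EXPIRED_CERT = {"subject": "www.example.com", "subject_alt_names": [],
                "issuer": "Example Root CA",
                "not_before": date(2010, 1, 1), "not_after": date(2011, 12, 31)}


def hostname_matches(hostname, names):
    """Exact match, or a wildcard in the leftmost label only: *.example.com
    matches www.example.com but not example.com or a.b.example.com."""
    host = hostname.lower().rstrip(".")
    for name in names:
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                       # ".example.com"
            if host.endswith(suffix):
                leftmost = host[: -len(suffix)]
                if leftmost and "." not in leftmost:
                    return True
    return False


def check_certificate(cert, hostname, today, trusted_roots=TRUSTED_ROOTS):
    """Return the warnings a browser would raise; an empty list means the
    lock icon is shown."""
    warnings = []
    # 1. Does the name the user typed match a name the issuer vouched for?
    names = cert["subject_alt_names"] or [cert["subject"]]
    if not hostname_matches(hostname, names):
        warnings.append("name mismatch: %s is not covered by %s" % (hostname, names))
    # 2. Is today inside the validity window?
    if today < cert["not_before"]:
        warnings.append("certificate not yet valid")
    elif today > cert["not_after"]:
        warnings.append("certificate expired on %s" % cert["not_after"].isoformat())
    # 3. Is the issuer one of the preconfigured trusted authorities?
    if cert["issuer"] == cert["subject"]:
        warnings.append("self-signed certificate")
    elif cert["issuer"] not in trusted_roots:
        warnings.append("issuer not trusted: %s" % cert["issuer"])
    return warnings


if __name__ == "__main__":
    cases = [("good", GOOD_CERT, "www.example.com"),
             ("spoofed", SPOOFED_CERT, "www.example.com"),
             ("self-signed", SELF_SIGNED_CERT, "dev.example.com"),
             ("expired", EXPIRED_CERT, "www.example.com")]
    for label, cert, host in cases:
        print(label, check_certificate(cert, host, TODAY) or "OK, lock shown")
```

The spoofed record is the interesting one: the certificate itself is perfectly valid and comes from a trusted authority, but it was issued for a name the attacker controls, so the only thing standing between the user and the fake site is the name check. A real browser additionally verifies the issuer's signature over the certificate and walks any intermediate certificates up to the root; those steps need the cryptographic operations that the text leaves to the protocol.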

Figure 2.5: An example warning message presented by a browser when an SSL certificate is issued by a certifying authority that is not trusted by the browser.


Now that it has been established that SSL certificates provide the means to encrypt communications and authenticate servers, it is time to consider how these capabilities work with Web applications.

Web Applications Without and With SSL Certificate Protection

Let's consider two scenarios: Web applications without SSL certificate protection and Web applications with their security benefits. We'll start with the unsecured examples.

Scenario 1: Web Applications Without SSL Certificate Protection

Consider an executive working with a Web collaboration application. The application supports common functions needed for group work including the ability to upload files, search collections of documents, and add notes and other metadata about the documents. The collaboration application does not use SSL certificates and instead relies on other security measures, such as access controls and network security, to protect its users.

The executive in our scenario is working on a proposal for a new client. The value of the potential contract is substantial, and there are multiple competitors vying for the work. Today, the executive decides to get away from the office to work on the proposal. She heads to the coffee shop down the street and sets to work. After a couple of hours, the executive is ready to upload the proposal to the collaboration server. She connects to the coffee shop's Wi-Fi, starts the collaboration application, and uploads the proposal. Unknown to her, someone else in the coffee shop was monitoring network traffic in search of some useful competitive intelligence. Figure 2.6 illustrates this scenario.

Figure 2.6: Unsecured communications can be detected and captured by others.


The communication was not encrypted by the application server or on the Wi-Fi network, so the document was sent as clear text. This allowed a third party to pick up the network traffic and discover the contents of the document. Whatever competitive advantage the executive's firm had could have been undermined by this data leak.

Note

Although this example is fictitious, this kind of attack is not. See, for example, cyber attacks on energy companies for proposal data.

Unauthorized monitoring of communication is only one problem with not using SSL certificates. Another problem is the potential for someone creating a server that appears to be legitimate but is actually only masquerading as a legitimate server. This is known as spoofing.

Consider another scenario. One of your regular customers decides to come to your company site to place an order. She has done this dozens of times and doesn't think much about it. She types in your site's domain name and sees the usual order page. She tries to start a new order but receives an error message. It seems, according to the Web page displayed, that your company has lost some customer data including hers. She is prompted to enter her name and bank account information. The problem is, this is not your business site and your customer has no way to tell.

Unknown to the customer, the service that translates domain names into Internet addresses (domain name system, DNS) for her has been compromised. It seems her company has been the victim of a DNS cache poisoning attack. DNS servers translate domain names, such as www.example.com, into a numeric address, such as 192.169.0.1. When a DNS cache is poisoned, someone changes the legitimate numeric address to one assigned to an attacker-controlled server. Your customer's traffic is routed to the attacker's server with no obvious indication something is wrong, as Figure 2.7 shows.


Figure 2.7: Without authentication provided by SSL certificates, users can be lured to use spoofed servers and applications that appear to be legitimate servers and applications.

In case you might be tempted to think that eavesdropping on your communications or server spoofing is only a theoretical problem that is not likely to affect you, consider these additional points:

• Sidejacking attacks involve using unencrypted data to allow an attacker to steal your session information and interact with a Web site as if the attacker were you. See the Firesheep tool for a demonstration of how this can be done.
• Attackers can find wireless networks with tools like NetStumbler, and even if the networks are not broadcasting identification data, tools like Kismet can be used to get that data.
• Auditing and testing tools, such as dsniff, can be used to scan network traffic; they are great for testing weaknesses in your network, but these tools are just as useful to attackers with malicious intent.


Without the encryption and authentication protections enabled by SSL certificates, we and our customers and collaborators are vulnerable to a variety of attacks. Let's consider the earlier scenarios but with SSL certificates in place.

Scenario 2: With SSL Certificate Protection

In the case of the executive working in the coffee shop, had the collaboration server used SSL certificates, the executive could send secure communications to the server. In the event that an attacker intercepted the traffic, it would appear to be a random stream of data, not a valuable and confidential business proposal (see Figure 2.8).

Figure 2.8: With SSL certificate-based encryption, data transmitted over wireless networks will appear to be more like random data than what it actually represents.

The case of the customer who was maliciously redirected from her intended target to an attacker-controlled Web site would turn out differently as well if SSL certificates were used. One of the problems for the customer was that there was no indication that she was at a malicious site. With SSL certificate authentication, she would have received a warning from her browser that something was not consistent with the malicious site.

If the malicious site was using an SSL certificate, it would have inconsistent information because either the certificate subject entity would be something the attacker could get a certificate for, which would not match the spoofed domain name, or the attacker acquired an SSL certificate from an untrusted provider. In either case, the user would be alerted to the fact that something was not as it usually is.


Figure 2.9: A spoofing attack would trigger an error on the client browser and alert the customer to the fact that there is some kind of problem with the site.

SSL certificates enable encryption and authentication, but businesses need more than that. Businesses need to know they can trust who they are dealing with. That is the ultimate reason we deploy SSL certificates.

Authentication and Trust

Trust cannot be reduced to digital certificates or encrypted messages. Trust is established over time and requires one party to be confident that another party will function as expected. We can't have trust with businesses or individuals we never met or have not heard of. We can, however, establish a trust relationship with an unknown party when we trust a third party and that third party assures us that the unknown party is trustworthy. This role of trusted third party is played by certifying authorities. These are companies that have built a business and a reputation around the business of verifying identities.


How Certifying Authorities Authenticate

The Internet community has different levels of need when it comes to verifying identities. For example, we might be ready to put information about our calendar into a site established to schedule company softball games with minimal verification, but we are much more careful about our online banking practices. Certifying authorities have created different procedures for verification, depending on the level of trust that is needed:

• Domain-level verifications are used when the certifying authority needs to establish that the requestor of a certificate is the owner of a domain name. Checking the domain registry may be sufficient for this. (See whois.net or any one of many other services that provide details about domain owners.)
• Business verification is used when a certificate is to be provided to a business and more evidence than domain ownership is required to establish identity.
• Extended validation (EV) certificates require the most comprehensive verification, including legal documentation and checks on the physical location of the business.

Certifying authorities go through varying levels of due diligence to verify the identity of domains or businesses that receive their certificates. That is only one part of the process for establishing trust. Another part is educating users about these practices and providing information on how to ensure that legitimate certificates are in place.

Developing Trust

Businesses have long used marks to indicate a product or service is trustworthy. Marks ranging from the Underwriters Laboratories UL symbol to the Better Business Bureau logo have been used to indicate the safety of products and the trustworthiness of businesses. With the emergence of online business activity, it would help to have trust marks suitable for the Internet. We have trust indicators with SSL certificates, which use a lock in the browser address bar to indicate a secure communications channel. Green bar indicators are used with EV SSL certificates. Businesses can help promote knowledge about these trust marks by educating customers about their use and by using them on business sites as well as promoting other safe online practices. Trust can be further reinforced with trust marks such as a trusted seal from a certifying authority or an established organization such as the Better Business Bureau.

Businesses should also use the appropriate type of SSL certificate for their needs. When low trust is required by users, a simple domain certificate can be used. Sites that do not collect confidential or private information, do not require financial information or credit card data, and do not deal with other highly valued data may be well served by conventional domain- or business-level certificates. When additional verification is required to help assure users that the site is legitimate, EV certificates should be considered because they provide highly visible trust indicators such as the green bar and the display of the organization name.


Also, to develop trust, try to avoid situations in which your SSL certificates will generate error messages on customer browsers. These can occur for a number of reasons, so be sure to follow basic guidelines for good SSL certificate management:

• Do not use self-signed certificates for customer or other externally accessed servers
• Use certificates from certifying authorities recognized by all major browsers
• Keep certificates up to date and renew them before they expire
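The three guidelines above turned into a periodic review of a certificate inventory, as an added Python example (not code from the guide). The inventory is a constructed list of the fields an administrator would record per server, BROWSER_TRUSTED_CAS is a made-up stand-in for the root stores of the major browsers, and the 30-day renewal window is an assumed operational choice.

```python
"""Review a certificate inventory against basic management guidelines.

Constructed example: the inventory, the trusted-CA set and the "current date"
are all made up for the demonstration.
"""
from datetime import date

BROWSER_TRUSTED_CAS = {"Example Root CA", "Other Trusted CA"}  # constructed
RENEWAL_WINDOW_DAYS = 30        # assumed: flag anything expiring within a month
TODAY = date(2012, 1, 1)        # constructed "current date" for the demo

# Constructed records: host, certificate subject, issuer, expiry, and whether
# the server is reachable by customers or other external parties.
INVENTORY = [
    {"host": "www.example.com", "subject": "www.example.com",
     "issuer": "Example Root CA", "not_after": date(2012, 12, 31), "external": True},
    {"host": "shop.example.com", "subject": "shop.example.com",
     "issuer": "Other Trusted CA", "not_after": date(2012, 1, 20), "external": True},
    {"host": "intranet.example.com", "subject": "intranet.example.com",
     "issuer": "Example Corp Internal CA", "not_after": date(2013, 6, 30), "external": False},
    {"host": "dev.example.com", "subject": "dev.example.com",
     "issuer": "dev.example.com", "not_after": date(2012, 12, 31), "external": True},
    {"host": "old.example.com", "subject": "old.example.com",
     "issuer": "Example Root CA", "not_after": date(2011, 12, 1), "external": True},
]


def review_certificate(entry, today, renewal_window_days=RENEWAL_WINDOW_DAYS):
    """Findings for one server; an empty list means no action is needed."""
    findings = []
    # Guideline 3: renew before expiry, so warn while there is still time.
    days_left = (entry["not_after"] - today).days
    if days_left < 0:
        findings.append("expired %d days ago" % -days_left)
    elif days_left <= renewal_window_days:
        findings.append("renew now: expires in %d days" % days_left)
    # Guidelines 1 and 2 apply to servers that outside browsers will contact;
    # an internal CA on an internal server is left alone.
    if entry["external"]:
        if entry["issuer"] == entry["subject"]:
            findings.append("self-signed certificate on an externally accessed server")
        elif entry["issuer"] not in BROWSER_TRUSTED_CAS:
            findings.append("issuer %r is not recognized by major browsers" % entry["issuer"])
    return findings


def review_inventory(inventory, today=TODAY):
    """Map each host that needs attention to its list of findings."""
    report = {}
    for entry in inventory:
        findings = review_certificate(entry, today)
        if findings:
            report[entry["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in review_inventory(INVENTORY).items():
        print(host)
        for finding in findings:
            print("  -", finding)
```

In practice the expiry dates would be read from the deployed certificates rather than typed into a list, and the review would run on a schedule so that the "renew now" finding appears well before customers start seeing the warning from Figure 2.5.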

A combination of factors goes into establishing trust: working with known and trusted certifying authorities, using the appropriate types of SSL certificates, and using trust marks and educating users about risks.

Summary

SSL certificates enable encryption and authentication. These are essential for securing Web applications and protecting customers from eavesdropping, data leaks, and spoofing attacks. SSL certificates enable key functionality required to build a trust relationship between business partners that might not have a preexisting relationship. The best-designed application can have all the features and capabilities that users want, but if users do not trust the application, those features may not be used.


Chapter 3: Planning, Deploying, and Maintaining SSL Certificates to Protect Against Information Loss and Build Customer Trust


SSL certificates can play an important role in securing Web applications, but as with any IT system, especially security mechanisms, it pays to plan how you will deploy and maintain that system. In the previous chapters, we have examined how data loss can undermine customer trust and how SSL certificates can be used to protect online business and maintain customer trust. Now that we have covered the conceptual elements of what SSL certificates do and how they work, it is time to discuss implementation details.

This chapter will assume you understand the basic components of an SSL certificate and how it works, and are interested in implementing SSL certificates to protect your Web applications. This chapter is divided into four main sections:

• Planning for the use of SSL certificates
• Deploying SSL certificates
• Maintaining SSL certificates
• Choosing the right type of SSL certificate for your needs

This chapter will provide guidance to help you deploy SSL certificates in a way that can be sustained for the long term without creating undue management burdens. There will even be tips and instruction on how to do basic SSL certificate management tasks in Windows and Linux operating systems (OSs); however, this chapter is no substitute for system documentation.

Planning for the Use of SSL Certificates

The planning stage of deploying SSL certificates consists of two main tasks: identifying applications and servers that will benefit from having an SSL certificate and determining which type of SSL certificate is appropriate for each use case.

Process and Asset Inventory

This may sound strange, but for the next several paragraphs forget about SSL certificates. SSL certificates are tools; they are a means to an end. For the rest of this section, we are not interested in how SSL certificates can protect our Web applications. Instead, our sole focus is on what needs to be protected and why it needs to be protected.

To understand our needs, we will start with a few basic questions. First, what applications and servers are accessed by customers? These might include:

• Company Web site
• Online catalog
• Customer support services portal
• Customer feedback application
• A shipment tracking application
• Product documentation

This is a wide variety of application types and each has a different pattern of customer interaction. Consider how you would work with each of these if you were a customer.

The object of this exercise is to understand your risk tolerance with regard to using SSL certificates. In some cases, an organization may want to use SSL certificates on every server and workstation. This would be reasonable in cases where an unusually high level of security is required. A middle-ground approach is to install SSL certificates on all Web-accessible servers. An organization with a high tolerance for risk may pick and choose which of their Web-facing servers warrant an SSL certificate. In the following sections, we will consider factors that may influence such a decision.

Company Web Site

The company Web site is the online public face of the company. It probably contains the usual information like a description of the company, news and events, product descriptions, and, if you have physical locations, services such as store finders. It will likely include links to online catalogs, customer support, and other applications, but those are not considered part of the company Web site for our purposes. Those are substantial applications that have their own design, deployment, and maintenance life cycles independent of the company Web site. For this exercise, the company Web site provides the relatively static information about a company as well as links to other Web applications, such as an online catalog.

When customers or other users come to the company Web site, they are probably looking for basic information, such as contact names and email addresses, product information, locations, times of operation, etc. Businesses often take advantage of this customer interaction to collect information for mailing lists, surveys, and so on. If the site is not protected with SSL certificates, customers may be hesitant to provide personal information, leaving the business to pursue more costly means to collect that information. A company with conventional risk tolerance would want customers to be able to authenticate the company's Web site (see Figure 3.1).

Figure 3.1: SSL certificate protection is not required when primarily public information is exchanged, but there is a need to authenticate the server when collecting customer data, such as names and addresses.

Online Catalog

The online catalog allows customers to browse and search for products, collect sets of items to buy, pay for them, and then have them shipped. There is probably some type of database application behind this Web site as well as links to supporting services such as credit card processing services. The user's interactions with an online catalog are substantially different from those with a company Web site. For example, a customer is likely to:

• Browse a particular type of product or search for a specific product
• Review multiple products
• Read descriptions, reviews, and other material about products
• Select items for purchase
• Provide personal information including names, addresses, and credit card numbers

The interactions in this case include both getting information from the application, similar to what we saw with the company Web site, and providing information to the application.

The fact that the customer is providing information to the business is a fundamental difference among applications. When it comes to personal information, such as names, addresses, and payment account information, it is probably a good bet to assume that the customer wants to keep that private. As your customer, I may have no problem sharing my credit card number with you, but I don't want anyone else to have access to it.

Depending on the size of the transaction (and the credit limit on the payment card), customers may be particularly cautious about providing payment card information to an unfamiliar company. If the customer is shopping at the online store of a national retail chain, she may feel confident that the site and the business behind it are legitimate. If this is the first time the customer has visited this site, or it is not a well-known, major brand, there may be some hesitation about trusting this site.

This application collects confidential information, so the Web and application servers supporting it should be authenticated with SSL certificates (see Figure 3.2). They would also be used to enable encrypted communication between the application and the customer. The business should consider an Extended Validation (EV) SSL certificate to demonstrate compliance with stricter identity verification standards.

Figure 3.2: Confidential information is exchanged, so there is a need to authenticate the server and provide encrypted communications. An SSL certificate is required in this scenario even for highly risk-tolerant organizations.

Customer Service Support Portal

The customer service support portal is a Web application designed to allow customers to manage their accounts, review past purchases and invoices, and set preferences, such as shipping and billing methods. Customers will want to keep their information private, so access controls are in place and customers will have access only to their own account information. These access controls will keep customer data private when it is stored in the application database but do not help when data is transmitted from the application to the customer, so encryption is required for all transmitted data.

This application collects confidential information, so the Web and application servers supporting it should be authenticated with SSL certificates. They would also be used to enable encrypted communication between the application and the customer.

Customer Feedback Application

The customer feedback application collects comments and emails them to a special email account created to track such messages. These comments should be considered private and confidential because the business would want to collect frank and clear comments, which a customer might not want to disclose to others. This application should be protected with SSL certificates to ensure data is encrypted during transmission. The authentication service enabled by the SSL certificate will help assure the customer that she is working with a legitimate application. Here again, risk-averse organizations will use SSL certificates to authenticate their company's applications.

Track Shipment Application

In some cases, a track shipment application is a relatively simple application that acts as a front end to services provided by the major shippers used by the company. Customers enter an order number and the application looks up the shipping company for that order, contacts that company's tracking Web service, and displays the results. In more complex tracking systems, customers may provide feedback, which should be considered confidential, so SSL-based encryption should be used.

SSL certificates are not required for simple track shipment applications in highly risk-tolerant organizations, but for moderate risk tolerance profiles or in cases where confidential information is exchanged, SSL certificates should be used. In addition, the shipping companies should use SSL certificates for their servers so that companies such as the one described here can authenticate the server they are communicating with.

Product Documentation

A product documentation application allows customers and employees to search a database of user manuals, technical documents, and other material to help customers and employees use products sold by the company. Product documentation is often considered proprietary information and should be protected as such.

In this scenario, the company is concerned about maintaining the confidentiality and integrity of the documentation. They have established strict access controls to mitigate the risk of incorrect documentation being placed in the database. There is some concern that if a malicious prankster spoofed the site and lured customers to a fake version of the site, the company's reputation could be damaged.

Figure 3.3: Public information distributed to both internal and external users does not require SSL certificate protection.

SSL certificate protection provides both encryption and authentication. In this case, if the perceived risk is high and the expected impact of a possible spoofing attack is great enough, an SSL certificate should be used for authentication.

Multi-Tier Applications

Having completed the application-based assessment of our SSL certificate requirements, we next have to delve into server-level requirements. In cases of simple applications that run on a single server, one would only need a certificate for that server. Many business applications, however, require multiple servers such as Web servers, application servers, and database servers.

Figure 3.4: Multi-tier applications depend on multiple servers. If the application requires SSL certificates, then usually all servers will require SSL certificates.

Figure 3.4 shows a multi-tiered application. In this scenario, confidential data, such as payment data or customer account data, moves through several servers. The trust that a customer has in the application has to build on trust in the servers that implement the application. In such cases, the most secure option is to use SSL certificates on all servers in the multi-tier architecture. It is conceivable that there may be a server providing some basic function that never receives or processes confidential information. In such a case, one could argue against authenticating that server via an SSL certificate; however, given that requirements might change and that consistency often eases management burdens, it might be worthwhile using SSL certificates on all servers in the architecture.

In general, the planning process consists of an exercise similar to the one described earlier. Assess the way private and confidential information flows from the business to customers and between the servers and devices implementing the application. Specifically, be sure to ask the following questions:

• What applications and servers are accessed by customers?
• What applications and servers are accessed by other trusted applications?
• What applications access confidential, private, or sensitive data?

With answers to these questions, we can determine which applications and servers need SSL certificate protection. The next question to address is what type of SSL certificate should be used.

Determining the Type of SSL Certificate Required

Although all SSL certificates are fundamentally the same in terms of form and function, there are differences. There are certificates for single servers, for multiple servers within a domain, and there are even some that work especially well with email servers. Let's look at criteria for choosing between these.

A single-server certificate is appropriate for a server that is managed and deployed relatively independently of other servers. A domain wildcard certificate allows multiple servers to use the same certificate. These certificates use a subject such as *.example.com, which matches any host directly under example.com (www.example.com or shop.example.com, but not example.com itself, and not a host nested deeper, such as a.b.example.com). This is useful when a number of servers in a domain require certificates. Use these carefully, though. This certificate and its private key can be copied and used on any server in the domain, which could result in unauthorized use and/or difficult-to-manage certificates if they are not properly tracked.

EV SSL certificates are appropriate for customer-facing Web sites and applications that will process high-value private and confidential information, such as bank account information or personal healthcare information. Businesses and organizations that may be targets for cybercriminals should consider the value of having an EV SSL certificate and the corresponding visual cues presented to customers. This is one way to help customers distinguish between a legitimate site and a fraudulent one.

At the other end of the trust spectrum from EV SSL certificates are self-signed certificates. These certificates do not involve a trusted third party as a certifying authority; instead someone within a company creates an SSL certificate himself. There is not much point in having an SSL certificate that asserts "Trust me because I say so" on a public-facing Web site. External-facing applications need an SSL certificate that asserts "Trust me because a trusted third party has vouched for my identity." Self-signed certificates are used for internal purposes such as development and testing.
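To make the single-server, wildcard and multiple-name cases concrete, the following Python matcher applies the hostname matching rule that browsers use (RFC 6125, section 6.4.3). It is an added example, not code from the guide; the certificate dictionaries with subject_cn and san fields are constructed stand-ins for real certificates.

```python
"""Hostname matching against the names in a server certificate.

Added example, not code from the guide. It implements the matching rule
browsers apply (RFC 6125, section 6.4.3): comparison is case-insensitive,
a wildcard is only accepted as the entire left-most label, and it matches
exactly one DNS label. So "*.example.com" covers "www.example.com" but
neither "example.com" itself nor "a.b.example.com". The certificate
dictionaries below are constructed for illustration.
"""


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (CN or SAN dNSName) covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # The wildcard must be the whole left-most label, must not appear
    # anywhere else, and must sit above at least two more labels
    # ("*.com" is rejected).
    if (p_labels[0] != "*"
            or any("*" in lab for lab in p_labels[1:])
            or len(p_labels) < 3):
        return False
    # The wildcard stands in for exactly one non-empty label.
    if len(h_labels) != len(p_labels) or h_labels[0] == "":
        return False
    return h_labels[1:] == p_labels[1:]


def certificate_covers(cert: dict, hostname: str) -> bool:
    """cert is {"subject_cn": str, "san": [str, ...]}.

    Modern clients check the Subject Alternative Name list; the subject CN
    is only consulted when the certificate carries no SAN dNSNames.
    """
    names = cert.get("san") or [cert["subject_cn"]]
    return any(hostname_matches(name, hostname) for name in names)


def coverage_report(cert: dict, hostnames) -> dict:
    """Map each hostname to whether the certificate would be accepted for it."""
    return {h: certificate_covers(cert, h) for h in hostnames}


# Constructed certificates for the three types discussed in the text.
SINGLE_SERVER = {"subject_cn": "www.example.com", "san": ["www.example.com"]}
WILDCARD = {"subject_cn": "*.example.com", "san": ["*.example.com"]}
SAN_CERT = {
    "subject_cn": "www.example.com",
    "san": ["www.example.com", "shop.example.com", "support.example.net"],
}

if __name__ == "__main__":
    hosts = ["www.example.com", "shop.example.com", "example.com",
             "a.b.example.com", "support.example.net"]
    for label, cert in (("single", SINGLE_SERVER),
                        ("wildcard", WILDCARD), ("san", SAN_CERT)):
        print(label, coverage_report(cert, hosts))
```

Running the report shows why a wildcard certificate alone is not enough for a site that customers also reach by the bare domain: *.example.com does not cover example.com, so in practice the bare name is added as an extra SAN entry. The SAN certificate is the only one of the three that can also cover a host in a different domain (support.example.net).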

Self-signed certificates have a number of advantages for development and testing:

• They can be created quickly
• They incur minimal, if any, cost
• They can be customized to meet specific needs; for example, validation periods, wildcard subjects, etc.
• They are managed completely internally and do not depend on interactions with a third party

Planning SSL certificate deployments is a critical step that allows you to identify which applications and servers need SSL certificates. This step in turn allows you to select the best type of SSL certificate for your requirements. The next step to follow after this process is to actually deploy the SSL certificates to your servers.

Key Points About Choosing and Deploying SSL Certificates

As you are planning, deploying, and managing SSL certificates, keep in mind several key points about choosing and deploying them. SSL certificates are used for two security operations: securing communications and authenticating systems.

Secure communications are required when confidential or private information is exchanged. This is certainly the case when data such as credit card numbers are exchanged, but this is not the only scenario. Sometimes attackers can piece together information incrementally over time. There may be no case where a single transaction had all the details the attacker needed to steal information or compromise a system, but if the attacker has access to multiple transactions or data exchanges, it is possible to cull useful information to further the attacker's objectives.

Authentication with SSL certificates allows client devices to verify that the server they are working with possesses a certificate from a trusted third party created for use on only that server (or set of servers in the case of wildcard or Subject Alternative Name (SAN) certificates). Confidence that you are working with a legitimate server is a building block to something more important: building the trust between a customer and a business.

We use SSL certificates to mitigate the risk that users will be lured into using illegitimate or otherwise malicious devices. Customers have visual cues, such as locks and green bar indicators, that reinforce the idea that particular security measures are in place to protect this customer. Ideally, customers will understand that lack of such cues on sites that usually have them is an indicator of a potential problem. (Note that current browsers no longer display a distinct EV indicator such as the green address bar, so customer education should not rely on that cue alone.)

SSL certificates are like any IT asset: they require maintenance. Fortunately, this is minimal. The key things we need to keep in mind once we have selected the appropriate type of certificate are to monitor the validity dates and to track the use of wildcard certificates so that they are not used on servers for which they are not intended. Also consider whether you have special requirements that might necessitate a SAN SSL certificate.
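The maintenance checks just listed, together with the guidelines at the end of the previous chapter (no self-signed certificates on external servers, renew before expiry), can be run as a routine over a certificate inventory. The following is an added example, not code from the guide; the CertRecord fields, the inventory entries and the fixed clock are assumptions constructed for illustration.

```python
"""Periodic maintenance check over an SSL certificate inventory.

Added example, not code from the guide. It applies the maintenance rules
the text lists: flag certificates inside the renewal window (or already
expired), self-signed certificates on externally reachable servers, and
wildcard certificates installed on servers they were never approved for.
The CertRecord entries and the fixed "now" are constructed for
illustration; a real inventory would be fed from an asset database or a
scan of the servers.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

RENEWAL_WINDOW_DAYS = 30


@dataclass(frozen=True)
class CertRecord:
    host: str                    # server the certificate is installed on
    subject: str                 # subject common name, e.g. "*.example.com"
    issuer: str                  # issuer common name
    not_before: datetime
    not_after: datetime
    external: bool               # reachable by customers / the Internet?
    approved_hosts: tuple = ()   # wildcard only: servers it may be installed on

    @property
    def self_signed(self) -> bool:
        # Heuristic: issuer equals subject. A full check verifies the
        # signature with the certificate's own public key.
        return self.subject == self.issuer

    @property
    def wildcard(self) -> bool:
        return self.subject.startswith("*.")


def days_until_expiry(rec: CertRecord, now: datetime) -> int:
    return (rec.not_after - now).days


def audit(inventory, now: datetime, window_days: int = RENEWAL_WINDOW_DAYS):
    """Return a list of (host, finding, detail) tuples; empty means all clear."""
    findings = []
    for rec in inventory:
        remaining = days_until_expiry(rec, now)
        if now < rec.not_before:
            findings.append((rec.host, "not-yet-valid",
                             f"valid from {rec.not_before:%Y-%m-%d}"))
        elif remaining < 0:
            findings.append((rec.host, "expired",
                             f"expired {-remaining} days ago"))
        elif remaining <= window_days:
            findings.append((rec.host, "expiring",
                             f"{remaining} days left; renew now"))
        if rec.self_signed and rec.external:
            findings.append((rec.host, "self-signed-external",
                             "replace with a certificate from a recognized CA"))
        if rec.wildcard and rec.host not in rec.approved_hosts:
            findings.append((rec.host, "untracked-wildcard",
                             f"{rec.subject} was not approved for this server"))
    return findings


def _utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


NOW = _utc(2024, 6, 1)  # fixed clock so the example is reproducible
APPROVED = ("shop.example.com", "support.example.com")
INVENTORY = [
    CertRecord("www.example.com", "www.example.com", "Example Public CA",
               _utc(2024, 3, 1), _utc(2025, 3, 1), external=True),
    CertRecord("shop.example.com", "*.example.com", "Example Public CA",
               _utc(2023, 6, 20), _utc(2024, 6, 20), external=True,
               approved_hosts=APPROVED),
    # Wildcard key copied onto a build server nobody recorded.
    CertRecord("dev-build.example.com", "*.example.com", "Example Public CA",
               _utc(2023, 6, 20), _utc(2024, 6, 20), external=False,
               approved_hosts=APPROVED),
    CertRecord("feedback.example.com", "feedback.example.com",
               "feedback.example.com", _utc(2024, 1, 1), _utc(2026, 1, 1),
               external=True),
    CertRecord("legacy.example.com", "legacy.example.com", "Example Public CA",
               _utc(2023, 5, 15), _utc(2024, 5, 15), external=True),
]

if __name__ == "__main__":
    for host, finding, detail in audit(INVENTORY, NOW):
        print(f"{host:24} {finding:22} {detail}")
```

The approved_hosts list is what makes wildcard tracking possible: because the same certificate and key can be copied to any server in the domain, the inventory has to record where it is allowed to live, and the audit compares that record against where it was actually found. Run on a schedule, the expiry check gives the renewal lead time the guidelines call for, and the self-signed check catches a development certificate that was promoted to a customer-facing server.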

Summary
Web applications often require the use of SSL certificates in order to enable basic authentication and encryption services. Planning how to best deploy SSL certificates begins with assessing the kinds of operations performed by applications. Do they exchange private or confidential data, such as credit card information? If so, then SSL certificates should be used to enable encryption and preserve confidentiality. Is there a risk of customers being lured to malicious sites that appear to be one of your business's sites? If so, then SSL certificates are needed for authentication.

Deploying SSL certificates is not difficult, but the process is often specific to your OS or application. Some applications, such as Microsoft IIS, have specialized tools for managing SSL certificates. Fortunately, once SSL certificates are deployed, they have relatively low maintenance requirements.
