As the use of web services has greatly increased over the past decade, the importance of security has also increased accordingly. HTTPS is one of the first protection methods. HTTPS uses SSL encryption communication with HTTP, which is an existing web service protocol so that only the server and the user can check the contents. This is widely used as it is very important, and recently, it is known that Google's Chrome will set a warning such as warning about sites that do not provide HTTPS. However, there are many security vulnerabilities founded in the SSL, which often leads to the failure to provide basic security. If an SSL vulnerability is found, the attacker can intercept the data that can only be verified by the server and the user, which can cause verification problems. Most security vulnerabilities occur in open source SSL libraries that are actively used in the market. There are also cases in banks, payment systems, etc. where the security is extremely important. You need to understand the basic flow of SSL communication first. The most secure communication among SSL communication is TLS v.1.2, then TLS v.1.1, TLS v1.0, and SSL v.3.0 in that order. A typical computer tries to communicate with TLS v.1.2, which is the highest and safest communication. If communication fails, it will automatically attempt to communicate with the lower version. One of the SSL vulnerabilities is called POODLE, first found in 2014, an attack using the most vulnerable SSL v.3.0. POODLE is an attack mechanism that exploits this communication flow. The attacker disables the users to access with TLS v.1.2. The user and the server, without the attacker’s acknowledge, retries the connection with low version until it connects with SSL v.3.0, the lowest security. Then the attacker decrypts the contents to read it. Sensitive information can be leaked in this way because the level of encryption is low enough for an attacker to see the contents. It is very dangerous because the user cannot easily find out even when the attack is ongoing. Another vulnerability is called the DROWN vulnerability discovered in 2016. It is one of the attacks very similar to the POODLE attack just described. It is one of the attack methods that read the attack data of the general user by using the lower SSL version. The user and the server are not aware of the attack situation at all. Currently, SSL v.2.0 is officially stopped support and forbidden from usage. However, when the DROWN vulnerability was first discovered, about 33% of the servers were still using SSL v.2.0. The first thing you need to do to prepare for SSL vulnerabilities is simply, stop using low-level SSL. Because SSL-targeted attacks are primarily targeted at low-level SSL, companies developing SSL libraries are also advised not to use low-level SSL. Second, you can use WAF to handle SSL communication. Handling SSL communication means that you can prevent intervention. Lastly, avoid using the open source SSL library on the server. The SSL vulnerability exploits a very large number of attacks against open source libraries. It is very easy to use and efficient as it’s open to the public, meaning there are a lot of servers.
AIONCLOUD BLOG
Share information related to AIONCLOUD !