Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

The Razors Edge - Cutting your TLS Baggage

402 views

Published on

A talk on effecting change across a large organization, given at O'Reilly Security 2017.

Write-up will be posted at https://www.netmeister.org/blog/razors-edge.html

Published in: Technology
  • Be the first to comment

  • Be the first to like this

The Razors Edge - Cutting your TLS Baggage

  1. 1. @jschaumaO’Reilly Security 2017 Cutting your TLS baggage Jan Schaumann
  2. 2. A really boring talk. @jschaumaO’Reilly Security 2017
  3. 3. I really like boring. @jschaumaO’Reilly Security 2017
  4. 4. I really like boring. I’m so boring, even BoringSSL is too exciting for me. @jschaumaO’Reilly Security 2017
  5. 5. @jschaumaO’Reilly Security 2017 http://peering.oath.com/
  6. 6. @jschaumaO’Reilly Security 2017 “There are two types of companies: those that have been hacked and those that don't know it yet.” — every #infosec nerd, smugly No, seriously, that includes yours. — this guy, jaded
  7. 7. @jschaumaO’Reilly Security 2017
  8. 8. @jschaumaO’Reilly Security 2017
  9. 9. @jschaumaO’Reilly Security 2017 $ units You have: a huge infrastructure with lots of baggage You want: a unified ingress serving platform * lots of work across tons of teams / 0 Floating point exception (core dumped) $
  10. 10. @jschaumaO’Reilly Security 2017 $ units You have: an https service You want: to accept end-user traffic from the internet - keep up with changing requirements - implement critical updates across all systems in <24h - run latest stable release of supported software - implement non-critical updates within <3 months $
  11. 11. Be f*ckin explicit about general things. @jschaumaO’Reilly Security 2017
  12. 12. Be f*ckin explicit about general things. (Common sense ain’t.) @jschaumaO’Reilly Security 2017
  13. 13. @jschaumaO’Reilly Security 2017 $ units You have: …uhm, good question ^C $
  14. 14. @jschaumaO’Reilly Security 2017 - certificates with a Not Before date set prior to the Unix epoch (00:00:00, January 1st, 1970) - certificates with a Not Before date set in 2023 - certificates with a Not Before date set to ”110204212630-1200” - certificates with a Not After date set in 1902 - certificates expiring 10 years in the future - certificates expiring in 2100 - certificates expiring in the year 4752 - self-signed certificates galore - various properties having stood up their own CAs - key length of 512 - certificates with an MD5 signature - publicly used certificates that expired -15 years - cipher suites using a NULL encryption cipher - cipher suites using a NULL authentication cipher - cipher suites offering export ciphers - 14 different versions of OpenSSL - systems vulnerable to Heartbleed, POODLE, Logjam, FREAK, DROWN, and $SILLYNAME - certificates with ~200 SANs - certificates without either a CN or a SAN - certificates with a CN of "*" Weird things we found:
  15. 15. Any sufficiently large infrastructure is indistinguishable from the internet. @jschaumaO’Reilly Security 2017
  16. 16. @jschaumaO’Reilly Security 2017
  17. 17. One in a million is next Tuesday every couple of minutes. @jschaumaO’Reilly Security 2017 https://blogs.msdn.microsoft.com/larryosterman/2004/03/30/one-in-a-million-is-next-tuesday/
  18. 18. The lowest common denominator will always drag you down. @jschaumaO’Reilly Security 2017
  19. 19. The lowest common denominator internet of unpatchable crap will always drag you down. @jschaumaO’Reilly Security 2017
  20. 20. IoT is when “smart” means “dumb”. @jschaumaO’Reilly Security 2017 https://www.philips.com/a-w/mobile-privacy-notice/smart-shaver-app.html
  21. 21. @jschaumaO’Reilly Security 2017 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA ECDSA missing - coming soon! ChaCha20/Poly1305 missing - coming soon! Prefer Forward Secrecy Prefer GCM over CBC Prefer faster “good enough” over slower, stronger.
  22. 22. @jschaumaO’Reilly Security 2017 Lowest common denominator is low… https://github.com/jschauma/cipherdiff
  23. 23. @jschaumaO’Reilly Security 2017 $ units You have: an x509 certificate You want: to accept end-user traffic from the internet - be issued by approved CA - have Certificate Transparency - RSA keys >= 2048; ECDSA >= 256 - misc. CN/SAN restrictions - validity <= 6 months $
  24. 24. @jschaumaO’Reilly Security 2017
  25. 25. @jschaumaO’Reilly Security 2017 https://github.com/jschauma/certdiff
  26. 26. If it hurts, do it more often. @jschaumaO’Reilly Security 2017 https://www.martinfowler.com/bliki/FrequencyReducesDifficulty.html
  27. 27. @jschaumaO’Reilly Security 2017
  28. 28. @jschaumaO’Reilly Security 2017 #Infosec Minimum Viable Protection
  29. 29. 1) get buy-in from exec. @jschaumaO’Reilly Security 2017
  30. 30. 0) get pwned 1) get buy-in from exec. @jschaumaO’Reilly Security 2017 https://www.netmeister.org/blog/crazy-like-a-fox.html
  31. 31. 0) get pwned 1) get buy-in from exec. 2) incremental changes @jschaumaO’Reilly Security 2017
  32. 32. Perfect is the enemy of the good. "Eh, good enough." is the enemy of actually good. @jschaumaO’Reilly Security 2017
  33. 33. 0) get pwned 1) get buy-in from exec. 2) incremental changes 3) sell something @jschaumaO’Reilly Security 2017
  34. 34. @jschaumaO’Reilly Security 2017
  35. 35. @jschaumaO’Reilly Security 2017 Patience, young skywalker.
  36. 36. 0) get pwned 1) get buy-in from exec. 2) incremental changes 3) sell something 4) profit @jschaumaO’Reilly Security 2017
  37. 37. @jschaumaO’Reilly Security 2017
  38. 38. 0) get pwned 1) get buy-in from exec. 2) incremental changes 3) sell something 4) profit @jschaumaO’Reilly Security 2017
  39. 39. @jschaumaO’Reilly Security 2017
  40. 40. 0) get pwned 1) get buy-in from exec. 2) incremental changes 3) sell something 4) profit goto 2 @jschaumaO’Reilly Security 2017
  41. 41. @jschaumaO’Reilly Security 2017 “We fight for the user. We must do better today that we did yesterday, and better tomorrow than we did today.” — Chris Nims, CISO / Chief Paranoid at Oath
  42. 42. @jschaumaO’Reilly Security 2017 Things to come: - ECDSA - Expect-CT - OpenSSL 1.1 (ChaCha20/Poly1305) - OCSP Must-Staple - shorter validity - apply to all Oath brands
  43. 43. Fake it 'till you make it. @jschaumaO’Reilly Security 2017 Effecting change
  44. 44. Chokepoints and defaults are your secret weapon. @jschaumaO’Reilly Security 2017 Effecting change
  45. 45. First: fix the future. @jschaumaO’Reilly Security 2017 Effecting change
  46. 46. Lead by example, but offer autonomy. @jschaumaO’Reilly Security 2017 Effecting change
  47. 47. Know what might break before you hit ‘go’. @jschaumaO’Reilly Security 2017 Effecting change
  48. 48. Transparency goes a long way. @jschaumaO’Reilly Security 2017 Effecting change
  49. 49. Incremental changes. Always move forward. Lead by example, be transparent. Encourage autonomy. We can’t reach 100% security, but we can always improve. @jschaumaO’Reilly Security 2017 How to be boring:
  50. 50. Apache Traffic Server Google Chrome Team Mozilla Observatory SSLLabs Yahoo Edge Team (Yahoo/Oath/All) Paranoids Credits @jschaumaO’Reilly Security 2017

×