AISA 2018 Perth Conference: State Of Web Wecurity In 2018

James Bromberger
State of Web Security in 2018

PERTH CONFERENCE 2018
1
• First paid for web content written 1995 (still online!)
• UWA Webmaster, 1997 – 2000 [1]
• Debian/GNU Linux Developer 2000 – present; I sign GPG keys
• Harley’s/JDV Sharetrading 2000 - 2003
• Linux.conf.au chair 2003 w/Linus [2]
• Canon Europe, 2003-2005; Vibrant Media 2005-2010; NetShelter 2010-2012
• AWS Security SA, Australia & New Zealand 2012-2014 [3]
• Modis National Cloud & Cyber Security Lead [4]
[1] [2] [3]
[4]

6
10years

8
The legacy has gone in the real world.
It only remains in locked-down SOE/MOE
environments where admin/helpdesk staff
can’t keep up with test/image/distribute of
new browsers, and prefer to stay on legacy
instead of current like the rest of the world.

9
So what can we do now to
improve our security?
(With zero code changes)

10
Current generation TLS protocols
Strong Cipher Suites – minimise spread of support
HTTP Security Headers
SRI
Cookies SameSite
DNS CAA
HTTP/2

11
0. Use HTTPS
Get rid of HTTP everywhere
Trusted certificates are free
Donate to LetsEncrypt!

12
1. TLS Protocols
In with the new;
Out with the old
(in that order)

TLS Protocol: Major components by time
13
Time
Bulk cipher selection
Symmetric key exchange
Up to several gigabytes
Protocol Key Exchange Bulk Encryption
Cert exchange

14
• There are just 7 TLS versions defined.
• Most are 10+ years old.
• Only 6 have been used in the wild.
• Only 3 are not yet known to be compromised.
• Do you support the use of known compromised protocols?
SSLv1
SSLv2
SSLv3
TLS 1
TLS 1.1
TLS 1.2
TLS 1.3

15
1994
SSL 1.0
Netscape
1995
SSL 2.0
Netscape
1996
SSL 3.0
IETF
1999
TLS 1.0
IETF
2006
TLS 1.1
IETF
TLS 1.2
IETF
2008 2018
TLS 1.3
IETF
First
Chrome
release
First
Safari
release
First
Firefox
release
First
Opera
release
First
Edge
release
(last)
IE 11
release

16
• You are highly unlikely to see clients using any service
with TLS 1.1
• Check logs; disable 1.1.
• Your stack probably doesn’t support TLS 1.3 yet.
• 5+ months since PCI DSS 3.2 prohibited use of “Early TLS”
(1.0 and earlier)
TLS 1.1
TLS 1.2
TLS 1.3

17
Today’s Protocols Winners:
• TLS 1.2 [RFC 5246; August 2008]
• TLS 1.3 [RFC 8446; August 2018]
Ask your service team/provider for:
• TLS version and ciphers actively used from logs
• Turn off the compromised legacy you don’t use.

18
Which side of the stack am I talking about?

19
Server

21
Client

22
Both!

23
Language TLS 1.2 (Aug 2008) TLS 1.3 (Aug 2018)
Java 6u121* (July 2016; limited ciphers)
7u131 (January 2017)
8
6: Bwhahaha
7: nope
8: no
11 (September 2018)
.Net 4.5 (Possible)
4.6 (default enabled)
Not yet?
Python 2.6.9+ 3.7 (June 2018)
PHP (Check OpenSSL libs) (Check OpenSSL libs)
OpenSSL 1.0.1 (March 2012) 1.1.1 (Sept 2018)
If you have scripts/programs connecting (eg, non-browser) then
your programming language may need an update.

24
October 25, 2018

25
2. Cipher Suite Optimisation

Key Exchange
• Historically, RSA used the same
private/public key pair:
• DH (do not use now)
• Use temporary keys for Forward:
• DHE (ok)
• DH can now also be replaced by
Elliptical Curve DH Key
Ephemeral
• ECDHE (wow)
26

X.509 Certificates
• CAs now require you to use RSA
2048 bit keys
• Even longer keys are better, but
way slower
• Move to Elliptical Curve Digital
Signing Algorithm (ECDSA) based
keys and certificates
• Still requires CAs and Clients to
upgrade to understand this
signature algorithm
27

Bulk Encryption
• Disable DES, 3DES, RC4
• They are insecure or weak
• Enable AES 128/256, specifically
with GCM mode
• MS IE can’t do GCM (when not
used from Windows 10)
28

29
Microsoft believes that it's no longer safe to decrypt data
encrypted with the Cipher-Block-Chaining (CBC) mode of
symmetric encryption when verifiable padding has been applied
without first ensuring the integrity of the ciphertext, except for
very specific circumstances

30
The strongest Bulk encryption that MS Internet
Explorer can do (when not on Windows 10) is not
considered secure by its vendor.

MAC/Checksum
• Remove MD5, SHA1
• Enable SHA2-256, SHA2-384,
SHA2-512
31

32
3. Security Headers
Restrict/influence what the
browser can and can’t do

34
Strict-Transport Security: max-age=$seconds
“Do not make insecure requests to this hostname”

35
Strict-Transport Security: max-age=31536000
“Do not make insecure requests to this hostname”

36
Content-Security-Policy: …
“Only load $content from $sources;
Only submit forms to these $destinations;
Only permit framing in on these $sites;
Only permit content from $sites in my frames”

37
Content-Security-Policy: default ‘none’;
img-src ‘self’ data:; script-src ‘self’
‘unsafe-inline’ https://cdn.bootstrap.com;
frame-src ‘none’; font-src ‘self’
“Only load $content from $sources;
Only submit forms to these $destinations;
Only permit framing in on these $sites;
Only permit content from $sites in my frames”

38
Referer-Policy: …
“Only send Referers under these conditions”

39
Referer-Policy: strict-origin
“Only send Referers under these conditions”

40
Feature-Policy: …
“Only permit GeoLocation/Vibrate/camera/etc
for scripts from $location”

41
Feature-Policy: geolocation ‘none’; vibrate
‘none’
“Only permit GeoLocation/Vibrate/camera/etc
for scripts from $location”

42
X-Content-Type-Options: no-sniff
“Don’t second guess an incorrect mime types. If the
server gives you an image with incorrect type
application/javascript, drop it”

43
Stop telling people what version of
Apache, IIS, ASP.Net, PHP that you run.
server: Microsoft-IIS/10.0

44
4. Reduce CAA mis-issuance
Tell the world who your CA(s) is (are)

45
Risk: There are ~200 publicly trusted
Certificate Authorities., any of which can, if
presented with sufficient evidence, issue a
certificate to a customer in your name.

46
Solution: Publish a record in DNS letting
them all know who you authorise to issue on
your behalf.

47
5. Sub Resource Integrity*
Version-lock external dependencies
(*Requires editing HTML)

48
<img src=“https://www.someone.elses.sites.com/picture.jpeg”>
<script src=“https://www.someone.elses.sites.com/tracking.js”>

49
<img src=“https://www.someone.elses.sites.com/picture.jpeg”
integrity=“sha384-oqVuAfXRKap…”>
<script src=“https://www.someone.elses.sites.com/tracking.js”
integrity=“sha384-sha384-ho1wx4JwY8wC…”>
Generate SRI with https://www.srihash.org/
or
openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A

50
6. And a hell of a lot more…

51
• Session Cookies: set SameSite=
• Turn on HTTP/2
• New compression algorithms (br)
• Dual stack IPv4/IPv6

52
Please turn off legacy security
server side and client side.

53
Did you know…
…all the crypto ciphers we discussed here also
applies to native Windows Active Directory, based
upon your Domain Functional Level (DFL)?
• Level 2008: Enables AES 128/256
• Level 2012R2: Disables DES and RC4 for Kerberos

54
1. HTTP redirect to HTTPS on main web site (all others remove HTTP completely)
2. Protocols: TLS 1.2 and/or newer (Apache: 2.4.36+, OpenSSL 1.1.1+)
3. Cipher suites:
1. Server Order Preference enabled
2. ECDHE-AES{128,256}-GCM-SHA{256,384,512} at or near the top
3. remove RC4, DES, 3DES bulk ciphers
4. remove DH (non ephemeral) key exchanges
5. remove SHA1, MD5 MAC
6. check with https://ssllabs.com
4. Security Headers:
1. add Strict-Transport-Security
2. add Content-Security-Policy
3. add Referer-Policy
4. add Feature-Policy
5. add X-Content-Type-Options
6. check with https://securityheaders.com
5. DNS: Add CAA record (low TTL, eg, 10 seconds)
6. Content: Add Sub Resource Integrity Checks for (versioned) content you don’t control
7. Content: Change Set-Cookie to add option: SameSite=Lax/Strict
8. Server: Enable HTTP/2 (Apache: a2enmod h2, IIS: Windows Server 2016)

55
https://nephology.net.au/
In-person technology & cloud training.
Advanced concepts; expert trainers.
• Advanced Security & Operations on AWS
• Web Security
Too much? Really interesting? Got more questions? I can help…

AISA 2018 Perth Conference: State Of Web Wecurity In 2018

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AISA 2018 Perth Conference: State Of Web Wecurity In 2018

Similar to AISA 2018 Perth Conference: State Of Web Wecurity In 2018 (20)

Recently uploaded

Recently uploaded (20)

AISA 2018 Perth Conference: State Of Web Wecurity In 2018