Page 1 of 3
Results 1 to 10 of 24
  1. #1
    Newbie
    Join Date
    Nov 2008
    Posts
    4

    Most firewalls are becoming obsolete

    The hacking community is switching over to SSH and SSL for communications with computers to insert their goods. I know we can block SSH, but it would be impractical to block SSL. SSL is passed through most firewalls untouched. We need Untangle to act as a proxy to decrypt, scan and re-encrypt this traffic.

    Any thoughts or solutions?
    Last edited by connected; 11-06-2008 at 07:46 PM.

  2. #2
    Master Untangler Lee Sharp's Avatar
    Join Date
    Feb 2008
    Location
    Houston, TX
    Posts
    411

    Originally Posted by connected
    The hacking community is switching over to SSH and SSL for communications with computers to insert their goods. I know we can block SSH, but it would be impractical to block SSL. SSL is passed through most firewalls untouched. We need Untangle to act as a proxy to decrypt, scan and re-encrypt this traffic.
    [citation needed]

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,269

    I was going to say... I'm certainly not seeing SSL as a viable attack surface. SSL requires a signed certificate before any browser is going to allow communications without it throwing a fit. And hackers depend on things being invisible. Such signed certificates would be revoked relatively quickly... and they require the hacker to basically give out his home address. Sure, this can all be circumvented, but for what? So one of the big certificate authorities can yank the cert within 24 hours anyway?

    On the other hand, the process of scanning this traffic is failure prone, introduces chain of custody issues, and increases load on Untangle by several orders of magnitude. For the deployments I have, I would need Untangle to be on a 64-bit OS just to get the RAM needed for this kind of thing.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  4. #4
    Newbie
    Join Date
    Nov 2008
    Posts
    4

    1 in 10 websites are in a state of compromise at any given time. I hope I got the ratio right. Some of these sites are good sites that have been hacked (SQL injection, etc.). If these sites are using SSL to secure their transactions, the direct path is completed to your computer. If your computer isn't patched fully or the website has a 0-day drive-by set up on it, they got you through the SSL tunnel. Another thing to consider is that the web servers have their own SSL certs installed. Once the bad guy owns the box he'll have a time window to do his thing until it is shut down or the cert is revoked.
    Last edited by connected; 11-06-2008 at 11:36 AM.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,269

    Yes, but there is little to be done about zero day assaults anyway. The attack blocker and related modules don't help you there 90% of the time. Nor does current anti-virus. Being patched to current is your best defense here... and the fact that the attack is running over SSL vs HTTP makes no difference in the end.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Originally Posted by connected
    1 in 10 websites are in a state of compromise at any given time. I hope I got the ratio right.
    If you're referring to the Google study, it was 1 in 10 websites (of the sample set) had some sort of malicious code. I don't think it stated anything about SSL vs not SSL, nor anything about them being compromised.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Newbie
    Join Date
    Nov 2008
    Posts
    4

    If the attack occurs over HTTP, Untangle should catch it, unless it's 0-day; then Untangle still has a chance to block it. With SSL I don't believe Untangle will react to the attack, just pass it through the tunnel.

  8. #8
    Master Untangler
    Join Date
    Apr 2008
    Posts
    346

    Originally Posted by sky-knight
    I was going to say...
    , then you go on and say it anyway.

    You seriously can't think that certificates won't be jacked to impose their will... Wait... I believe you actually do, so never mind.

    Simply put, this last week alone, how many victims fell to the phoney website registration email? Which, right there, would surrender the certificate too!?

  9. #9
    mdh
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,786

    Relax...I left my raincoat at work and I don't want to get in the middle of a pissing contest.

  10. #10
    Master Untangler Lee Sharp's Avatar
    Join Date
    Feb 2008
    Location
    Houston, TX
    Posts
    411

    I guess my little wiki joke was more appropriate than I thought. If you look past the headline at the actual data, things can change fast. Let's start with what is a web site? Before you answer, read this... http://themetricsystem.rjmetrics.com...can-landscape/

    Now was that 1 website? 3? A million? One guy registering a million domains can skew the numbers fast. Or, one name with a server pool behind it can do a similar thing. The question is what is the likely vector of attack? From what I have seen it is e-mail, p2p, and un-encrypted websites.
