RE: Checkpoint smart defance as IPS

["Craig S. Wright" <craig.wright () Information-Defense com>]

Hello,
I suggest that you learn to reference more than simply Wiki.

"If it was possible as you claimed, the protocol will be totally broken and
it will be front page news article."
I suggest you keep up. This is why TLS was introduced (which also has flaws)
- which is still not used correctly either. But read on for something that
matters.
http://blog.washingtonpost.com/securityfix/2006/02/the_new_face_of_phishing_
1.html

PS. A complete compromise of the CAs and DNS would not likely make a front
page article. Most people do not care and it is not something that sells
papers.

This is also why DNS and routing are important. What do you think DNSSEC is
really about?

SSL is about privacy, NOT security. It was NEVER about security. 

How about I give you some real reading, something more than the online
golden book encyclopaedia that is Wikipedia...

Ellison, C. and B. Schneier. "Ten Risks of PKI: What You're Not Being Told
About Public Key Infrastructure," Computer Security Journal, v 16, n 1,
2000, pp. 1-7. http://www.counterpane.com/pki-risks.html

Esser, Stefan. "IE https certificate attack," 22 December 2001.
http://security.e-matters.de/advisories/012001.html

Kormann, David P. and Aviel D. Rubin. "Risks of the Passport Single Signon
Protocol," Computer Networks, Elsevier Science Press, volume 33, pages
51-58, 2000.
http://avirubin.com/passport.html

Schneier, Bruce. Secrets and Lies : Digital Security in a Networked World.
John Wiley &
Sons, 2000.

Let's take a quote from Kurt Seifried:
"Even ignoring all these problems the simple fact is that SSL certificates
only identify the server to the user, they do not authenticate it. This is a
subtle but incredibly important difference. My online bank is at tdbank.ca,
td.ca on the other hand is owned by someone else and banktd.ca is still
free. I know for example that www.openssl.org is the "official" site for
OpenSSL, but what about www.openssl.de? Shouldn't that be the official site
for OpenSSL translated into German? Well it turns out that it isn't. Do you
trust every single root certificate in your webbrowser software? Have you
even heard of "IPS SERVIDORES" (ips.es), "Saunalahden Serveri CA"
(saunalahti.fi) or "SERVICIOS DE CERTIFICACION - A.N.C." (correo.com.uy)? I
sure as heck haven't."

REMEMBER - ALL CERTIFICATE AUTHORITIES ARE EQUALLY TRUSTED!!!!!!!!!!!!!!!!

I have to state this again...

ALL CERTIFICATE AUTHORITIES ARE EQUALLY TRUSTED!!!!!!!!!!!!!!!!

Do you think your users go and check the CA and ensure it is really the one
that the real site has used? If you think users do this, you have some
learning to do.

If you actually believe that you cannot obtain a signed (from a CA in IE's
list) certificate for a MiTM device, you have not looked too hard.

If you do not think this is a known issue, try reading some RFC's:
"[Browser vendors] and users must be careful when deciding which certificate
and certificate authorities are acceptable; a dishonest certificate
authority can do tremendous damage."
RFC 2246, The TLS Protocol 1.0

The 264+ root CAs trusted by Microsoft, the 166 root CAs trusted by Apple,
and the 144 root CAs trusted by Firefox are capable of issuing certificates
for any website, in any country or top level domain.
See Ed Felten. "Web Certification Fail: Bad Assumptions Lead to Bad
Technology". Freedom To Tinker, February 23 2010.
www.freedom-to-tinker.com/blog/felten/web-certification-fail-bad-assumptions
-lead-bad-technology.

Next, "'Packet Forensics' devices are designed to be inserted-into and
removed-from busy networks without causing any noticeable interruption [. .
. ] This allows you to conditionally intercept web, e-mail, VoIP and other
traffic at-will, even while it remains protected inside an encrypted tunnel
on the wire. Using `man-in-the-middle' to intercept TLS or SSL is
essentially an attack against the underlying Diffie-Hellman cryptographic
key agreement protocol [. . . ]".
Packet Forensics. Export and Re-Export Requirements, 2009.
www.packetforensics.com/export.safe.

So - the question is... have you removed all but the "trusted" CA's from
your users browsers? I doubt it. If you have, you also need to do this EACH
and EVERY time that IE updates.

Next, have a read of more than this forum. Try the TLS list from the IETF:
http://www.ietf.org/mail-archive/web/tls/current/msg03928.html

Even not paying for a certificate (which is the option for the scenario this
derived from), you can still attack SSL/TLS:
"...inject a chosen plaintext prefix into the encrypted data stream, often
without detection by either end of the connection. This is possible because
an "authentication gap" exists during the renegotiation process at which the
MitM may splice together disparate TLS connections in a completely
standards-compliant way."
See
http://extendedsubset.com/wp-uploads/2009/11/renegotiating_tls_20091104_pub.
zip

Finally, have you ever thought of a zero bit negotiated key. SSL with 0-bit
encryption. This can be done using a 128 bit certificate. The client to the
IPS is clear text, but looks to the browser as being encrypted. 

Research means more than wiki. If you use a title of researcher, it is
something that you should try to do.

Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd



-----Original Message-----
From: Shreyas Zare [mailto:shreyas () secfence com] 
Sent: Thursday, 3 June 2010 1:49 AM
To: craig.wright () information-defense com
Cc: security-basics () securityfocus com
Subject: Re: Checkpoint smart defance as IPS

Hi Craig,

I think you should read some basics from wikipedia [
http://en.wikipedia.org/wiki/Transport_Layer_Security#How_it_works ]

In short, you can *only* MITM SSL/TLS for a website if you have the
private key of the certificate installed on the website OR if you are
a certification authority (CA) trusted by the victim and make a fake
certificate on the fly at your proxy/gateway for the website
requested.

If it was possible as you claimed, the protocol will be totally broken
and it will be front page news article.

Regards,

Shreyas Zare

Sr. Information Security Researcher
Secfence Technologies
www.secfence.com


On Wed, Jun 2, 2010 at 4:54 AM, Craig S. Wright
<craig.wright () information-defense com> wrote:
> Actually, no.
>
> You are forgetting that the gateway can also intercept and modify DNS
> traffic. SSL relies on DNS resolution. If you intercept the DNS traffic
and
> change the destination to one controlled by the gateway, you can have a
> signed RA cert at the gateway. The browser trusts the signer, and you go
> from there.
>
> SSL does not let you know if you have been sent to the correct site. SSL
> only lets you know that the DNS address (as returned to your host) matches
> the name in the certificate. You have to think outside of SSL and web
> traffic. There are other components, but it is doable.
>
> DNSSec does cause problems, but if we are talking a corporate site, the
> control of DNS is also controlled.
>
> Regards,
> ...
> Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
> Information Defense Pty Ltd
>
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On
> Behalf Of Shreyas Zare
> Sent: Tuesday, 1 June 2010 2:58 AM
> To: security-basics () securityfocus com
> Subject: Re: Checkpoint smart defance as IPS
>
> Hi,
>
> Yes, but as Bretten Andrew mentioned earlier, the client machine needs
> to trust an internal CA (which will be used to dynamically generate
> cert for SSL MITM that matches the site being visited by user)
>
> Regards,
>
> --
> Shreyas Zare
>
> Sr. Information Security Researcher
> Secfence Technologies
> www.secfence.com
>
>
> On Sun, May 30, 2010 at 2:40 AM, Craig S. Wright
> <craig.wright () information-defense com> wrote:
> > Not at all. Your comment was:
> > "An IPS that decrypts SSL does not exist."
> >
> > This is blatantly false. IDS, IPS, Wireshark even all have SSL decryption
> > capabilities. There is no requirement for a separate proxy.
> >
> > Checkpoint has this capability. NO extra proxy. You seem to be missing
> that
> > distinction.
> >
> > Regards,
> > ...
> > Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
> > Information Defense Pty Ltd
> >
> >
> >
> > -----Original Message-----
> > From: Trevor Alexander [mailto:trevor.alexander.email () gmail com]
> > Sent: Sunday, 30 May 2010 4:28 AM
> > To: <craig.wright () Information-Defense com>
> > Cc: Laurens Vets; <mzcohen2682 () aim com>;
> <security-basics () securityfocus com>
> > Subject: Re: Checkpoint smart defance as IPS
> >
> > You are saying the same thing me and anyone else who has posted on the
> > topic is saying, you're just using different words. You should read
> > the whole thread before you make comments.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------