Archive for the ‘network security’ Category

WEBINAR: How to Get Enterprise Cyber Security for your Mid-Sized Organization

May 21st, 2019
A high-quality cybersecurity posture is typically regarded as the exclusive domain of large, heavily resourced enterprises – those that can afford a multi-product security stack and a skilled security team to operate it. This implies a grave risk to all organizations that are not part of this group, since the modern threat landscape applies to all, regardless of size and vertical. What is


Advanced Breach Protection Demystified – Untold Truths On Security Beyond AV

March 28th, 2019
Doing business in today's connected world means dealing with a continually evolving threat landscape. With potential losses due to downtime following a breach, plus valuable client and proprietary information at risk, most organizations realize they cannot afford to be complacent. This puts extra onus on security IT teams, who are continuously left scrambling, looking for the best way to


Cynet is offering unhappy competitors’ customers a refund for the time remaining on existing contracts

March 12th, 2019
Cynet goes head-to-head with CrowdStrike, DarkTrace, Cylance, Carbon Black & Symantec, offering their unhappy customers a refund for the time remaining on their existing contracts. Cynet, the automated threat discovery and mitigation platform, was built to address the advanced threats that AV and firewalls cannot stop. Today, Cynet announced that any organization currently deploying an


Google Launches Backstory — A New Cyber Security Tool for Businesses

March 5th, 2019
Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network


Learn How XDR Can Take Breach Protection Beyond Endpoint Security

February 19th, 2019
How do you know whether an attacker has infiltrated your network? Can you really rely on an Endpoint Detection and Response (EDR) solution to be your go-to technology for identifying security breaches? The EDR platform has been an important technology for detecting cybersecurity incidents, but it provides only the view from the endpoints, just a portion of the big picture.


Researchers Release Tool That Finds Vulnerable Robots on the Internet

January 28th, 2019
A team at a robot cybersecurity startup has released a free, open-source tool for information security professionals to help them easily 'footprint' and detect unprotected robots, not only connected to the Internet, but also to the industrial environments where they operate. Dubbed "Aztarna," the framework has been developed by Alias Robotics, a Spanish cybersecurity firm focused on robots and


IPS as a Service Blocks WannaCry Spread Across the WAN

August 14th, 2017

One of the most devastating aspects of the recent WannaCry ransomware attack was its self-propagating capability exploiting a vulnerability in the file access protocol, SMB v1.

Most enterprises' defences are externally facing, focused on stopping incoming email and web attacks. But once attackers gain a foothold inside the network through malware, there are very few security controls that


What is the hype around Firewall as a Service?

July 10th, 2017

Admit it. Who would not want their firewall maintenance grunt work to go away?

For more than 20 years, companies either managed their edge firewall appliances or had service providers rack-and-stack appliances in their data centers and did it for them.

This was called a managed firewall — an appliance wrapped with a managed service, often from a carrier or managed security service provider


Online Training for Cisco CCNA, CCNP Certification Exams

June 12th, 2017

As governments and enterprises migrate toward controller-based architectures, the role of the core network engineer is evolving and more important than ever.

There is a growing number of jobs in networking, but if you lag behind, you need to pass some certification exams to enter this industry and get a significant boost in your IT career.

If you are looking forward to making career


Vulnerable OpenSSL Handshake Renegotiation Can Trigger Denial of Service

May 9th, 2017

OpenSSL, the popular general-purpose cryptographic library that implements SSL/TLS protocols for web authentication, has recently suffered from several vulnerabilities. We have written about “CVE-2017-3731: Truncated Packets Can Cause Denial of Service in OpenSSL” and “SSL Death Alert (CVE-2016-8610) Can Cause Denial of Service to OpenSSL Servers” among others. Today we examine the high-severity bug CVE-2017-3733, the Encrypt-Then-MAC renegotiation crash that can cause a denial of service.

Before SSL/TLS encrypts data, it runs the Handshake and ChangeCipherSpec protocols.

During the Handshake phase, the client and server decide which encryption algorithms to use. Once the negotiation is done, the client and the server send each other a ChangedCipherSpec message, after which the traffic is encrypted with the negotiated algorithms.

In SSL/TLS, encrypted data is combined with its message authentication code (MAC) in one of two ways.

  1. MAC-then-encrypt: This method calculates the MAC of the plaintext, concatenates it with the plaintext, and runs the encryption algorithm over the result.
  2. Encrypt-then-MAC: The plaintext is encrypted first, and a MAC computed over the resulting ciphertext is appended to it.

If the ClientHello message does not contain an Encrypt-Then-Mac extension, then the default is MAC-then-encrypt mode. If ClientHello has an Encrypt-Then-Mac extension, the server will compute the MAC after encrypting the data.

If the client or server wishes to change the algorithms used for encryption, they can renegotiate the cipher suites they have already agreed upon. This can occur at any time during data transfer by initiating a new Handshake, which takes place over the existing SSL connection.

Triggering the vulnerability

OpenSSL offers this explanation:

“During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected.”

Say the client starts a TLS handshake with the server using the default MAC-then-encrypt mode. If the client later renegotiates with the Encrypt-then-MAC extension enabled and sends encrypted data in that mode before the ChangeCipherSpec message, the server will crash, causing a denial of service.

When the client triggers this vulnerability, the server crashes at the ssl3_get_record function, in the ssl3_record.c file:

The crash occurs at line no. 352, when checking to see if mac_size is less than EVP_MAX_MD_SIZE (64 bytes):

The if statement preceding the assertion checks whether the Encrypt-then-MAC flag is set on the server. The macro in the if condition:

The flag TLS1_FLAGS_ENCRYPT_THEN_MAC is already set once the renegotiation ClientHello arrives carrying the Encrypt-then-MAC extension, so control enters the if block. But because the ChangeCipherSpec message has not yet reached the server, the server does not yet know it must use Encrypt-then-MAC.

Putting a break point at line no. 352 and checking the mac_size variable shows us the value 0xffffffff, which is greater than EVP_MAX_MD_SIZE (64). Thus the assertion fails and the server crashes.

Let's look at the code to see how the mac_size variable ends up with the value 0xffffffff. The EVP_MD_CTX_size function computes mac_size.

It returns -1 when the message digest is NULL, and -1 stored in the unsigned mac_size variable is 0xffffffff, its two's-complement representation. This means "s->read_hash" has no digest set, because the server is still trying to compute the MAC in MAC-then-encrypt mode.
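To make the signed-to-unsigned conversion and the state mismatch concrete, here is an added example (not code from the post or from OpenSSL) that models the crash path with toy stand-ins: EVP_MAX_MD_SIZE and the flag name are OpenSSL's, while the flag's bit value and all toy_* types and functions are assumptions. The hardened variant shows the defensive shape: validate the signed result before converting it and return an error the caller can handle instead of asserting.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define EVP_MAX_MD_SIZE 64                  /* real OpenSSL constant */
#define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100  /* real flag name; bit value here is illustrative */
/* Toy EVP_MD stand-in; only the digest length matters for this demo. */
typedef struct { int md_size; } toy_md;
static const toy_md TOY_SHA256 = { 32 };
/* Stand-in for EVP_MD_CTX_size(): like OpenSSL, returns -1 when no digest is set. */
static int toy_md_ctx_size(const toy_md *md) { return md ? md->md_size : -1; }
/* Minimal connection state: the flag is set as soon as the extension appears in the
 * renegotiation ClientHello, but read_hash only changes when ChangeCipherSpec arrives. */
typedef struct { unsigned long flags; const toy_md *read_hash; } toy_ssl;
/* Constructed states: the post's crash scenario (ETM flag set, CCS not yet received,
 * so the server is still in MAC-then-encrypt mode) and a healthy post-CCS connection. */
toy_ssl renego_before_ccs(void) { toy_ssl s = { TLS1_FLAGS_ENCRYPT_THEN_MAC, NULL }; return s; }
toy_ssl after_ccs(void) { toy_ssl s = { TLS1_FLAGS_ENCRYPT_THEN_MAC, &TOY_SHA256 }; return s; }

/* Mirrors the vulnerable pattern in ssl3_get_record(): the int -1 is stored in a size_t
 * and becomes SIZE_MAX (0xffffffff on a 32-bit build). Returns the value that
 * OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE) would test; 0 if the ETM branch is skipped. */
size_t vulnerable_mac_size(const toy_ssl *s) {
    size_t mac_size = 0;
    if (s->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC)
        mac_size = toy_md_ctx_size(s->read_hash);   /* implicit signed -> unsigned */
    return mac_size;
}
/* 1 when the assertion in the original code would fire and abort the process. */
int assertion_would_fail(const toy_ssl *s) { return vulnerable_mac_size(s) > EVP_MAX_MD_SIZE; }

/* Hardened shape: validate the signed result before converting it, and report the
 * inconsistent state as an error the caller can turn into an alert, not an abort. */
int hardened_mac_size(const toy_ssl *s, size_t *out) {
    *out = 0;
    if (s->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) {
        int n = toy_md_ctx_size(s->read_hash);
        if (n < 0 || n > EVP_MAX_MD_SIZE) return -1;   /* recoverable error, no crash */
        *out = (size_t)n;
    }
    return 0;
}

int main(void) {
    toy_ssl bad = renego_before_ccs(); size_t n;
    printf("vulnerable mac_size = 0x%zx, assert would fail: %d\n",
           vulnerable_mac_size(&bad), assertion_would_fail(&bad));
    printf("hardened_mac_size -> %d (error handled, no abort)\n", hardened_mac_size(&bad, &n));
    return 0;
}
```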

Users of McAfee products are protected from this attack by signature 0x45c09700. All administrators should update OpenSSL to the latest version.

Thanks to Hardik Shah for helping me with this post.

The post Vulnerable OpenSSL Handshake Renegotiation Can Trigger Denial of Service appeared first on McAfee Blogs.
