When Accelerating Secure Traffic is Not Secure

SSL (Secure Sockets Layer) has become one of the most widely-used security protocols on the Internet.  SSL used just about everywhere, on the Public Internet as well as in the internal enterprise network.  You can use it for a variety of purposes, from purchasing merchandise on amazon.com, to accessing files securely from your sharepoint server, as well to access your enterprise applications such as Oracle Forms, SAP, Siebel, etc…  Ensuring that the SSL-encrypted data sent over the network stays secure is extremely important, as it may contain vitally-sensitive information such as credit card numbers, proprietary corporate data, and personal employee information.

Riverbed offers the ability to securely accelerate encrypted SSL traffic. Riverbed’s approach has been analyzed and validated by ICSA Labs as being secure.  On the other hand a few other WDS solutions also claim the ability to intercept and accelerate SSL traffic.  But while the vendor may claim their approach is secure, a closer examination reveals that their SSL acceleration solutions introduce serious security vulnerabilities.

A secure WDS device is paramount, because for WAN optimzation, an appliance needs to be deployed in the branch office as well as in the data center.  In contrast to the 24×7 security that exists in your physically locked data center, in a small branch office the security situation may be far more suspect.  There may be no employees present after work hours.  Holidays, weekday nights, and weekends are periods where an intruder can gain access to the facility.  A typical enterprise with tens or hundreds of branch offices cannot ensure that all of them will be physically secure during these down times.

How can you tell if a WDS solution is secure, and is capable of optimizing SSL traffic without compromising security?  In this blog I have outlined a two key vulnerabilities to look for in competitive WDS solutions.

The first vulnerability is the more obvious one:  Does the WDS solution support a disk encryption capability?  Amazingly, several of the WDS vendors offering SSL optimization capability cannot encrypt data stored in their disk drives.  When using these solutions, data that was formerly encrypted by the web browser for the SSL-protected WAN transfer is stored in clear-text format in the hard drives of the WAN optimization appliances.  In other words, credit card numbers, proprietary drawings, and any other confidential information that employees incorrectly thought was securely encrypted and protected, is actually stored and exposed in clear-text format on the WAN optimization device’s hard drives.

And then to top it off, these WDS vendors offer hot-swappable hard drives for their un-encrypted disks.  This makes it very easy for the intruder – they don’t even have to open up the chassis to gain access to the sensitive data.  In the remote branch office over the weekend, or anytime when few employees are around, they can just walk by, pop the disks out, and then quietly slip away.

The second vulnerability is a bit more technical, and requires somewhat of a security background to understand and appreciate.  It has to do with the root Certificate Authority (CA).  The Certificate Authority is the entity responsible for validating the authenticity of a given web server.  The SSL protocol uses the CA to make sure that the server you are accessing is really who they claim to be.  Once a web browser installs and acknowledges a CA as being authoritative, then the web browser will implicitly trust anything that CA tells it regarding the identity of any web server.  The CA is a critical entity, and its compromise allows an attacker to substitute their own web servers to masquerade as yours.  As the CA is a critical part of your security infrastructure, it should be only be hosted in a physically-secure, protected facility.

But the problem with at least one WDS solution offered by a Riverbed competitor is that to accelerate SSL, this solution requires that the vendor’s own proprietary CA be recognized and accepted as a new Certificate Authority by employee web browsers.  That normally wouldn’t be a problem if the CA is hosted in a physically-secure, protected facility such as an air-conditioned data center.  However, this vendor’s WDS solution requires that the CA be hosted in the remote branch office when WAN optimization functionality for SSL is used.  The possibility of an intruder gaining access to the branch office-hosted CA’s private keys would raise alarms with any competent security expert.

One of the WDS solutions marketed by a Riverbed competitor has both of the security vulnerabilities I described above.  Ironically, the vendor offering that solution is considered a “security” vendor….can you figure out who that vendor is?