Firewall Wizards mailing list archives

RE: Using SSL accelerators in firewalls


From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Wed, 17 Jul 2002 16:17:13 +0200

My personal preference is to use an "attached" SSL accelerator, such as the
nCipher devices. PCI or SCSI attached boxen, that still terminate the SSL
traffic on the server itself.

However, this raises a few problems, particularly in your "banking"
scenario, or actually, under any high load environment.

One often wants to have the traffic load balanced over a farm of servers.
There are a couple of approaches to doing this.

* Load balance based on source IP address
* Load balance on a round robin or least loaded basis

The significant differences are that the destination host is not
deterministic in the second case, i.e. you may not always be directed to the
same backend webserver on every request.

Applications typically want some kind of persistence, unless the application
is designed in such a way that you can connect to different servers for each
transaction without any problems. This is unusual, as most applications keep
some kind of state in the server itself, rather than writing it all back to
a database for every GET or POST.

So the load balancer either needs to be deterministic (based on source IP),
or else identify the connection based on the SSL stream.

The problem with using a deterministic algorithm comes up if you have a lot
of clients coming from a single IP address, such as an ISP's proxy (AOL,
anyone?). Those clients will all be sent to a single server, while the
others sit idle. Not a good solution.

Some load balancers can identify a connection based on the SSL sessionid
negotiated, and balance that way, however that is starting to become
useless, due to the browsers renegotiating stronger crypto within the
existing SSL stream, and then using a new SSL sessionid, that was encrypted
and hidden from the load balancer.

So the load balancer needs to actually terminate the SSL connection, so that
it can either insert a Cookie of its own, or record the application's
cookie, and balance using a table of "cookie to server" mappings. That means
we now have a clear text connection back to the backend, which is the
situation we were trying to avoid. :-(

So, the load balancer can also REencrypt the session to the backend server.
This has the downside that the backend server still needs an accelerator
card, as well as the load balancer needing one. (Doubly, because it is now
decrypting and encrypting the traffic.)

This introduces latency, which kind of defeats the object of load balancing
in the first place!

One solution that I have been looking at with interest is the Ingrian
device, which can actually encrypt sensitive field values in the SSL
terminator device. So the web server receives clear text connections, with
specific fields already encrypted. That can be useful to prevent PIN numbers
from being exposed, however, it still offers an attacker with access to the
cleartext segment the opportunity to hijack the session based on the cookie,
or change the password based on the existing encrypted PIN/password, collect
encrypted passwords for brute force attacks, etc.

Have I left anything out, or forgotten some obvious solution?

Any comments and suggestions welcome!

Rogan

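The persistence trade-off described above (source-IP balancing is deterministic but collapses an ISP proxy's users onto one server; cookie-based balancing spreads them but needs the SSL stream terminated first) can be seen in a small simulation. This is an added example, not code from the post or from any load-balancer product; the backend names, the proxy address 198.51.100.7, the cookie name LB_ID and the session counter are all constructed for the illustration.

```python
import hashlib
import itertools
from collections import Counter

# Constructed backend farm for the simulation.
BACKENDS = ["web1", "web2", "web3", "web4"]


class SourceIPBalancer:
    """Deterministic balancer: the client's source address alone picks the server.
    It needs no visibility into the SSL stream, but every client arriving from
    one proxy address lands on the same backend."""

    def __init__(self, backends):
        self.backends = list(backends)

    def route(self, request):
        digest = hashlib.sha256(request["src"].encode()).digest()
        idx = int.from_bytes(digest[:4], "big") % len(self.backends)
        return self.backends[idx], None  # no cookie to set


class CookieBalancer:
    """SSL-terminating balancer: sees the cleartext request, inserts its own
    persistence cookie on the first request of a session, and routes later
    requests by a cookie-to-server table."""

    def __init__(self, backends):
        self.backends = list(backends)
        self._rr = itertools.cycle(self.backends)  # round robin; least-loaded would do too
        self.table = {}  # cookie value -> backend
        self._counter = 0

    def route(self, request):
        cookie = request["cookies"].get("LB_ID")
        if cookie in self.table:
            return self.table[cookie], None
        # New session: pick a backend round-robin and remember the mapping.
        self._counter += 1
        cookie = f"s{self._counter}"  # constructed; a real LB would use an opaque random value
        backend = next(self._rr)
        self.table[cookie] = backend
        return backend, cookie


def simulate(route, n_clients, requests_per_client=3, proxy_ip="198.51.100.7"):
    """Run n_clients browser sessions, every one arriving from the same ISP proxy
    address (constructed). Returns (requests per backend, whether every session
    stayed on a single backend)."""
    per_backend = Counter()
    all_sticky = True
    for _ in range(n_clients):
        cookies = {}
        first_backend = None
        for _ in range(requests_per_client):
            backend, set_cookie = route({"src": proxy_ip, "cookies": cookies})
            if set_cookie is not None:
                cookies["LB_ID"] = set_cookie  # browser stores the Set-Cookie
            if first_backend is None:
                first_backend = backend
            all_sticky = all_sticky and backend == first_backend
            per_backend[backend] += 1
    return per_backend, all_sticky


if __name__ == "__main__":
    for name, lb in [("source-IP hash", SourceIPBalancer(BACKENDS)),
                     ("cookie insert", CookieBalancer(BACKENDS))]:
        dist, sticky = simulate(lb.route, n_clients=1000)
        print(f"{name:14s} sticky={sticky} per-backend={dict(dist)}")
```

Both balancers keep each session on one server, but the source-IP balancer sends all 3000 requests from the proxy to a single backend while the other three idle, and the cookie balancer only works because it decrypted the HTTP request to read and set LB_ID, which is exactly the cleartext segment the rest of the discussion is about.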
-----Original Message-----
From: Darren Reed [mailto:darrenr () reed wattle id au]
Sent: 17 July 2002 02:56
To: firewall-wizards () honor icsalabs com
Subject: Re: [fw-wiz] Using SSL accelerators in firewalls


In some email I received from Darren Reed, sie wrote:

There would seem to be a growing trend in using SSL accelerators not
next to the web server but attached to a firewall so that it isn't
https traffic that passes through but http.

Let me ask this question another way.

If your bank was using one of these SSL accelerators and it was not
directly attached to the web server, but the "far side" of something
else so they could screen traffic and then pass your data through
some number of other things, unencrypted, would you use that bank's
Internet Banking service which used SSL encryption ?

If you had a choice between that and one which did the SSL encryption
on (or next to) the web server (let's assume all other security measures
are equal), which one would you choose, if you had the chance ?

Darren
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
