Three Reasons to Simplify Your Network Infrastructure

You have a growing business, so you need to add more connections: PCs, cameras, or even another location. As you grow, your IT infrastructure is getting complicated, and with every new branch office complexity becomes an issue. As this network grows, there are additional challenges when adding more connections that need to be managed by the firewall. For organizations with multiple remote sites, such as retailers and distributed enterprises, there could be hundreds of consoles to manage, leading to uncontrollable complexity and spiraling costs. Whether it’s scaling to expand a small business or already overseeing a large enterprise, managing the security of an entire distributed network necessitates a simpler and more consolidated approach that can work within tight budgets.

This seems to be a common theme for many companies, ranging from a single store to a large multi-store chain. As I see it, the challenge is the need for a simpler, more centralized approach that allows you to:

  • Securely grow the business
  • Manage security, wireless, cameras, VoIP, networking and WAN acceleration infrastructure through a centralized management console.
  • Create and deploy consistent security policies, across multiple branches or locations

Traditionally, you rely on your network expert to build out a network consisting of several dumb switches that only increase complexity and cost. This is especially true when configuring distributed networks, as each piece requires multiple consoles, increased overhead costs and the potential for misconfiguration and non-compliance. Managing success should not include dealing with increased complexity and less security.

SonicWall’s solution solves this challenge with a converged infrastructure approach. For a single installation, SonicWall lets you add more connections that are managed by the firewall, thus, delivering greater flexibility to apply granular security controls. SonicWall provides a single solution to connect all your devices, whether they be PCs and printers, or Power over Ethernet (PoE) devices (such as wireless access points and cameras). For remote installations, SonicWall’s solution lets you deliver consistent security policies that can be viewed under a single centralized management console.

To learn more about how you can grow your business while reducing complexity, click here to read our executive brief.

Petya Ransomware encrypts the MBR (Mar 30, 2016)

The Dell Sonicwall Threat Research team has received reports of yet another ransomware called Petya. Over the past year, ransomware has proven to be an increasingly lucrative business for cybercriminals and has become so widespread that victims have resorted to paying to get their data back. Petya is no different, but instead of just encrypting files it overwrites the system’s master boot record (MBR), effectively locking the victim out and rendering the machine unusable unless payment is made.

Infection Cycle:

Upon execution, Petya replaces the boot drive’s MBR with a malicious loader which will cause Windows to crash. On reboot, it will display a fake CHKDSK screen.

The victim is then greeted with a flashing skull.

After the victim presses any key, the instructions on how to pay to get their data back are displayed.

At this point, the victim is locked out of their machine, which is rendered useless. Rebooting into safe mode is also not possible. Victims can reformat their computers but will obviously lose all of their data.

Below are the screenshots from the cybercriminals’ well-crafted website on the onion network, where further instructions are given on how to submit payment in bitcoins. It appears that the group behind Petya Ransomware is calling itself “Janus Cybercrime Solutions” and is demanding that victims send them 0.95865300 Bitcoins, equivalent to $395 at the current exchange rate.

[Screenshots: Petya Ransomware Step 1, Step 2, Step 3, Step 4]

Because of the prevalence of these types of malware attacks, we urge our users to back up their files regularly.

Dell SonicWALL Gateway AntiVirus provides protection against this threat with the following signatures:

  • GAV: Petya.AB (Trojan)
  • GAV: Petya.AC (Trojan)
  • GAV: Petya.AD (Trojan)

SonicWall Security Announces SonicOS 6.2.5 for SonicWALL Next-Generation Firewalls

Today, I am very excited to share with you the SonicOS 6.2.5 release for our 6th generation SonicWall TZ, NSA and SuperMassive Next-Generation firewalls. SonicOS 6.2.5 brings many new features that span across SMB, distributed enterprise and high-end deployments. Further, SonicOS 6.2.5 simplifies support for SonicWall Security partners by offering a single software platform for the majority of the 6th generation SonicWall firewalls.

Highlights of SonicOS 6.2.5

  • SMB and distributed enterprises are challenged by the diverse management solutions involved in managing the security, switching and wireless access points for their network infrastructure. With the new SonicWall X-Series switch integration feature, SonicOS 6.2.5 delivers a consolidated management of all network infrastructure including TZ firewalls, X-Series switches, SonicPoints and WAN Acceleration devices from within the TZ Series firewalls.
  • The recently published 2016 SonicWall Security Annual Threat Report highlighted the surge in encrypted traffic as one of the major trends observed in 2016. To address the need for effective TLS/SSL inspection, multiple DPI SSL enhancements have been added to the new SonicOS 6.2.5 release. A few of these key enhancements include, but are not limited to:
    • CFS category-based exclusion/inclusion of encrypted connections for efficient standards compliance (PCI, HIPAA)
    • Strengthened Encryption Methods (TLS 1.2, SHA256)
    • Increased default Certificate Authority (CA) database
    • Improved troubleshooting for encrypted connection failures with one-click exclude
    • Finer granularity for encrypted connection exclusions based on alternate domain names (excluding youtube.com vs. *.google.com)
    • Refreshed GUI for easy-to-use configuration of encrypted connection processing
    • Increased SSL Connection counts for NSA and SM Series firewalls
    • Unified Capabilities (UC) Approved Product List (APL) enhancements: SonicWall firewalls are now qualified for use by Department of Defense (DoD) agencies in the United States. Multiple enhancements, including new administrator roles, out-of-band management, enhanced audit logging and IPv6 features, were added to support UC APL certification, which is now available for all customers running SonicOS 6.2.5.
    • Firewall Sandwich support and Wire mode VLAN translation features provide flexible and scalable solutions for datacenter deployments
    • Gateway Anti-Virus Detection Only Mode to support deployments where traffic containing viruses is logged but not blocked.
    • Flexible DPI actions for administrators to exclude/include traffic by protocols/DPI service/Application rule action.
    • Botnet Source identification in AppFlow Monitor to quickly view the individual user of IP address associated with the detected applications.
    • Wireless DFS Certification for FCC U-NII (Unlicensed-National Information Infrastructure) to ensure compliance for all customer SonicWall wireless appliances (SonicPoint ACe/ACi/N2)

This is exactly what our partners and customers are asking for. Our partners are active in the SonicOS 6.2.5 beta and are looking forward to all of these rich features to provide even greater security to their customers.

“We are excited about the SonicOS 6.2.5 release because it delivers the ability to control the most crucial elements of your network from a single pane of glass. Customers can now manage the Internet Security Appliance, Secure Wireless Network, and Network Switching from a single console. This is great news for customers and IT administrators, as it simplifies administration and support. This is a big gain for distributed enterprise as well, as this release also allows each of these components to be controlled from the SonicWall Global Management System. Western NRG is excited to have this functionality available in our own GMS instance, where we support hundreds of our customers’ SonicWall’s,” said Tim Martinez, CEO of Western NRG, a premier SonicWall Partner.

With the SonicOS 6.2.5 release we have made huge strides to make the life of a security officer easier to do more with less and reduce the complexity of network management. All of the important enhancements of this release are available at no additional cost to customers with valid support contracts for SonicWall Next-Generation Firewalls or Unified Threat Management appliances. SonicOS 6.2.5 firmware is available as an Early Availability release on www.mysonicwall.com for customers with a valid support contract.

SonicOS 6.2.5 is available on the following platforms:

– SOHO W, TZ300, TZ300 W, TZ400, TZ400 W, TZ500, TZ500 W, TZ600
– NSA 2600, NSA 3600, NSA 4600, NSA 5600, NSA 6600
– SuperMassive SM 9200, SM 9400, SM 9600

To dive deeper into how to have a centrally managed network security infrastructure, download our release notes and the brief: The Distributed Enterprise and the SonicWall TZ – Building a Coordinated Security Perimeter.

Managing the Madness of Multiple Management Consoles with SonicWall TZ Firewall and X-Series Switches

With fast-emerging technologies, the challenge of network design in distributed retail store locations is becoming huge. As retail store and distributed enterprise environments evolve, the underlying network infrastructure must evolve with them to embrace new technologies such as mobile and digital media, which aim to improve customer experience. Embracing new technological changes in a retail network needs to be carefully thought through by raising the following questions:

  1. Is the network infrastructure scalable?
  2. With the increased scale, is the network still secure?
  3. Are the operating costs increasing with the network expansion?
  4. Above all, is there still sanity prevailing in the management of such an evolved network?

The ultimate goal of a network design for any distributed retail location is to create a smart, flexible and easy-to-manage platform that can scale to the specific needs of each site, while helping the organization reduce costs and risks. The typical solution to any network design expansion is to throw more capacity at the problem. As support for new technology and devices arises, there is overinvestment with added complexity. A paradigm shift is necessary: one that provides a converged infrastructure, simple and easy-to-use management, and lower operating costs, and that can scale to a retail store site’s specific business need.

Let us start by understanding a typical retail store network. A retail store has many components: Point of Sale (POS) devices that require network access to process orders, multiple PoE powered devices such as IP cameras, Network devices such as storage servers & printers, multiple internal backend networks that employees need access to and above all a Guest WiFi requirement that retail customers can benefit from. Taking these attributes into account, a typical retail store design gets broken up into:

  • Multiple internal networks for employee access (for example Sales, Engineering, Finance)
  • Point-of-Sale (POS) network
  • Network devices – PoE Cameras, PoE/PoE+ driven Access Points, Storage Servers & Printers
  • Wireless Networks – Corporate internal wireless, Guest wireless

The retail network design needs to be secure, fault tolerant and interconnected. Security is typically offered by next-generation firewalls, switches provide the interconnectivity and wireless is offered through multiple access points depending on the store location size. With a scattered management design, an IT administrator is faced with the challenge of managing the network through multiple management consoles. There is the added operating cost of licensing for the various management consoles. A certain madness starts to prevail with the varied management solution as we consider troubleshooting issues in such a network.

With the newly launched SonicOS 6.2.5, SonicWall Security launched a special feature, X-Series integration, that allows for a simplified management of secure converged infrastructure across a distributed retail network by integrating SonicWall X-Series switches into a single consolidated management view that already controls SonicWall firewalls, SonicWall SonicPoints (wireless access points), and SonicWall WAN acceleration devices. Using SonicWall Global Management System (GMS), SonicWall now offers a compelling single-vendor, consolidated secure management solution for distributed retail networks. If you are an existing customer and partner looking for the latest release notes, they are posted here: https://support.software.dell.com/sonicwall-tz-series/release-notes-guides

To learn more about the design of a scalable secure retail network, download our Tech brief: Scalable, consolidated security for retail networks.

Microsoft Windows Media arbitrary code execution-CVE-2016-0101

The Microsoft Windows operating system provides Windows Media for playing audio and video and viewing images. A remote attacker can entice a user to open a malicious media file, which can lead to remote code execution in the security context of the user.

Windows Media uses the MPEG2 Transport Stream file format to store media and protocol data. The vulnerable dynamic library is MFDS, which contains a boundary error. The function MPEG2_PMT_SECTION::Parse() parses the descriptors array in the Program Map Table (PMT) carried in the packets of an MPEG2-TS file. The function calculates the number of descriptor elements from the Elementary Info Length field but does not validate that field properly. An attacker can provide a large value in this field, which may lead to execution of arbitrary code in the user's context.

Unsuccessful attempts may lead to denial of service.
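
The length check described above, shown as a bounds-checked walk of a PMT section in C. This is an added example, not code from the original advisory or from the MFDS library; the function names, error codes and sample bytes are constructed for illustration, and the field offsets follow the MPEG-2 Systems PMT layout, where the "Elementary Info Length" field is called ES_info_length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes for this example. */
enum { PMT_ERR_SHORT = -1, PMT_ERR_TABLE_ID = -2, PMT_ERR_SECTION_LEN = -3,
       PMT_ERR_PROGRAM_INFO = -4, PMT_ERR_ES_INFO = -5, PMT_ERR_DESCRIPTOR = -6 };

/* 12-bit length: low nibble of the first byte, then the whole second byte. */
static size_t len12(const uint8_t *p) { return ((size_t)(p[0] & 0x0F) << 8) | p[1]; }

/* A descriptor loop of `len` bytes must split exactly into (tag, length, data) items. */
static int descriptors_fit(const uint8_t *p, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 2 || p[off + 1] > len - off - 2) return 0;
        off += 2 + (size_t)p[off + 1];
    }
    return 1;
}

/* `sec` points at table_id; `avail` is the number of bytes really present.
 * Returns the number of elementary streams, or a negative PMT_ERR_* code.
 * CRC_32 is not verified in this example. */
int pmt_count_streams(const uint8_t *sec, size_t avail)
{
    if (avail < 3) return PMT_ERR_SHORT;
    if (sec[0] != 0x02) return PMT_ERR_TABLE_ID;

    /* section_length counts the bytes after its own field:
     * at least 9 header bytes + 4 CRC bytes, at most 1021. */
    size_t section_length = len12(sec + 1);
    if (section_length < 13 || section_length > 1021 || section_length > avail - 3)
        return PMT_ERR_SECTION_LEN;
    size_t end = 3 + section_length - 4;   /* offset of CRC_32; loops stop here */

    size_t off = 12;                        /* first byte after program_info_length */
    size_t program_info_length = len12(sec + 10);
    if (program_info_length > end - off) return PMT_ERR_PROGRAM_INFO;
    if (!descriptors_fit(sec + off, program_info_length)) return PMT_ERR_DESCRIPTOR;
    off += program_info_length;

    int streams = 0;
    while (off < end) {
        if (end - off < 5) return PMT_ERR_ES_INFO;   /* stream_type + PID + length */
        size_t es_info_length = len12(sec + off + 3);
        off += 5;
        /* The validation the advisory describes as missing: the declared
         * length must fit in what is left of the section. */
        if (es_info_length > end - off) return PMT_ERR_ES_INFO;
        if (!descriptors_fit(sec + off, es_info_length)) return PMT_ERR_DESCRIPTOR;
        off += es_info_length;
        streams++;
    }
    return streams;
}

/* Constructed sample section (not taken from a real stream). */
static const uint8_t sample_pmt[32] = {
    0x02, 0xB0, 0x1D,                 /* table_id, section_length = 29 */
    0x00, 0x01, 0xC1, 0x00, 0x00,     /* program 1, version 0, section 0 of 0 */
    0xE1, 0x00, 0xF0, 0x00,           /* PCR_PID 0x100, program_info_length 0 */
    0x1B, 0xE1, 0x00, 0xF0, 0x00,     /* H.264, PID 0x100, ES_info_length 0 */
    0x0F, 0xE1, 0x01, 0xF0, 0x06,     /* AAC, PID 0x101, ES_info_length 6 */
    0x0A, 0x04, 'e', 'n', 'g', 0x00,  /* ISO 639 language descriptor */
    0x00, 0x00, 0x00, 0x00            /* CRC_32 placeholder */
};

int main(void)
{
    uint8_t bad[sizeof sample_pmt];
    memcpy(bad, sample_pmt, sizeof bad);
    bad[20] = 0xFF; bad[21] = 0xFF;   /* second stream now claims ES_info_length 4095 */
    printf("valid section: %d\n", pmt_count_streams(sample_pmt, sizeof sample_pmt));
    printf("oversized ES_info_length: %d\n", pmt_count_streams(bad, sizeof bad));
    return 0;
}
```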

This vulnerability affects the following products:

  • Microsoft Windows 7
  • Microsoft Windows 8.1
  • Microsoft Windows RT 8.1
  • Microsoft Windows 10
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2

Dell SonicWALL Threat Research Team has researched this vulnerability and released following signatures to protect their customers:

  • 3281 Malformed.ts.MP.1
  • 3849 Malformed.ts.TL.1

Runouce Trojan with IRC bot spreads via .eml files (March 24, 2016)

The Dell Sonicwall Threats Research team has observed a Trojan that spreads via .eml files. The Trojan contains IRC functionality and also has the ability to infect pre-installed system executable files with malicious code:

Infection Cycle:

The Trojan makes the following DNS queries:

On our test system the following files were created:

  • %USERPROFILE%kuelio.exe [Detected as GAV: Runouce.B2 (Trojan)]
  • %SYSTEM32%runouce.exe (“runonce” with “n” changed to “u” (patched)) [Detected as GAV: Virut.U_6 (Trojan)]
  • %SYSTEM32%runonce.exe (patched) [Detected as GAV: Virut.U_6 (Trojan)]

The following files were also created [all detected as GAV: Runouce.B2#email (Trojan)]:


The Trojan writes the following keys to the registry to enable continued infection activity after reboot:

  • HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun kuelio “%USERPROFILE%kuelio.exe /y”
  • HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun Runouce “%SYSTEM32%runouce.exe”

If there are shared folders or external drives attached the following file will be written to it:

The Trojan disables the ability to kill kuelio.exe.

NOTHING-6A527FE.eml and readme.eml are email files that contain an attachment called pp.exe [Detected as GAV: Runouce.B_3 (Worm)]:

The Trojan infects %SYSTEM32%runonce.exe with additional malicious code. It modifies the PE section headers to extend the rsrc section and inject code. It then changes the OEP (entrypoint) so that the infected executable runs the malicious code first:
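
A defender-side check for the pattern described above, as an added example that is not from the original post: it reads the PE headers and reports which section the entry point falls in, flagging an entry point inside .rsrc, in a section not marked as code, or in a writable section. The function names, flag values and the header-only sample (including the section characteristics used for the "infected" case) are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCN_CNT_CODE    0x00000020u
#define SCN_MEM_EXECUTE 0x20000000u
#define SCN_MEM_WRITE   0x80000000u

/* Hypothetical result flags for this example. */
enum { EP_MALFORMED = -1, EP_OK = 0,
       EP_IN_RSRC = 1, EP_NOT_CODE = 2, EP_WRITABLE = 4, EP_NO_SECTION = 8 };

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
static void wr32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Returns EP_MALFORMED, EP_NO_SECTION, or a bitmask describing the section
 * that contains AddressOfEntryPoint. A DLL with entry point 0 reports
 * EP_NO_SECTION, which is normal for such files. */
int pe_entry_point_flags(const uint8_t *img, size_t len)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return EP_MALFORMED;
    size_t pe = rd32(img + 0x3C);                      /* e_lfanew */
    if (pe > len || len - pe < 24 + 20) return EP_MALFORMED;
    if (memcmp(img + pe, "PE\0\0", 4) != 0) return EP_MALFORMED;

    size_t nsec = rd16(img + pe + 6);                  /* NumberOfSections */
    size_t opt_size = rd16(img + pe + 20);             /* SizeOfOptionalHeader */
    size_t opt = pe + 24;
    if (opt_size < 20 || len - opt < opt_size) return EP_MALFORMED;
    uint32_t entry = rd32(img + opt + 16);             /* AddressOfEntryPoint */
    size_t tbl = opt + opt_size;                       /* section table */
    if (nsec > (len - tbl) / 40) return EP_MALFORMED;

    for (size_t i = 0; i < nsec; i++) {
        const uint8_t *s = img + tbl + 40 * i;
        uint32_t vsize = rd32(s + 8), va = rd32(s + 12), ch = rd32(s + 36);
        if (vsize == 0) vsize = rd32(s + 16);          /* fall back to SizeOfRawData */
        if (entry < va || entry - va >= vsize) continue;
        int flags = EP_OK;
        if (memcmp(s, ".rsrc\0\0\0", 8) == 0) flags |= EP_IN_RSRC;
        if (!(ch & SCN_CNT_CODE)) flags |= EP_NOT_CODE;
        if (ch & SCN_MEM_WRITE) flags |= EP_WRITABLE;
        return flags;
    }
    return EP_NO_SECTION;
}

/* Constructed sample: PE32 headers only, with a .text and a .rsrc section. */
static size_t build_sample(uint8_t *buf, size_t cap, uint32_t entry_rva,
                           uint32_t rsrc_vsize, uint32_t rsrc_chars)
{
    const size_t pe = 0x80, opt = pe + 24, tbl = opt + 0xE0, total = tbl + 2 * 40;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, (uint32_t)pe);
    memcpy(buf + pe, "PE\0\0", 4);
    buf[pe + 4] = 0x4C; buf[pe + 5] = 0x01;   /* Machine: i386 */
    buf[pe + 6] = 2;                           /* NumberOfSections */
    buf[pe + 20] = 0xE0;                       /* SizeOfOptionalHeader for PE32 */
    buf[opt] = 0x0B; buf[opt + 1] = 0x01;     /* optional header magic: PE32 */
    wr32(buf + opt + 16, entry_rva);
    uint8_t *text = buf + tbl, *rsrc = text + 40;
    memcpy(text, ".text", 5);
    wr32(text + 8, 0x1000); wr32(text + 12, 0x1000);
    wr32(text + 36, SCN_CNT_CODE | SCN_MEM_EXECUTE | 0x40000000u);
    memcpy(rsrc, ".rsrc", 5);
    wr32(rsrc + 8, rsrc_vsize); wr32(rsrc + 12, 0x2000);
    wr32(rsrc + 36, rsrc_chars);
    return total;
}

int main(void)
{
    uint8_t buf[512];
    size_t n = build_sample(buf, sizeof buf, 0x1200, 0x800, 0x40000040u);
    printf("clean layout: %d\n", pe_entry_point_flags(buf, n));
    /* Assumed infected layout: .rsrc extended, entry point moved into it. */
    n = build_sample(buf, sizeof buf, 0x2900, 0x1000, 0xE0000040u);
    printf("entry point in extended .rsrc: %d\n", pe_entry_point_flags(buf, n));
    return 0;
}
```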

The Trojan joins an IRC server hosted at ircd.zief.pl and awaits further instructions:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signatures:

  • GAV: Sirefef.A_33 (Trojan)
  • GAV: Runouce.B2 (Trojan)
  • GAV: Runouce.B2#email (Trojan)
  • GAV: Runouce.B_3 (Worm)
  • GAV: Chir.B (Worm)
  • GAV: Nimda_2 (Worm)
  • GAV: Virut.U_6 (Trojan)

Data stealing trojan posing as a configuration file (March 18, 2016)

The Dell SonicWall Threats Research team has received reports of a data stealing Trojan posing as a configuration file. Upon execution, the Trojan steals information from the system and is also capable of downloading more files onto the system.

Infection Cycle:

The Trojan has the following icon:

The Trojan originates in China and has the following properties:

It modifies registry for running after reboot:

  • HKU%%softwaremicrosoftwindowscurrentversionrunguazhuan “C:windowstempsample.exe” -autorun

It creates multiple threads replicating the sample using different commands:

    The malware contacts the following domains:

    Once the CnC server is connected, it steals the following information and sends it to the server.

    It also makes the following requests to the server:

    The trojan makes multiple requests to the server and downloads various dat files and configuration files.

    The trojan creates C:UsersAdminAppDataRoamingLSinglePro with configuration settings for a Search Engine.

    The trojan makes multiple search requests and downloads javascript files on to the machine.

    Overall, this Trojan is capable of sending sensitive information out to a remote server. We urge our users to always be vigilant and cautious with any unsolicited attachments, especially if you are not certain of the source.

    Dell SonicWALL Gateway AntiVirus provides protection against this threat with the following signature:

    • GAV:Graftor.B_74 (Trojan)

    Microsoft Silverlight Remote Code Execution Vulnerability – CVE-2016-0034 (Mar 18, 2016)

    Microsoft Silverlight is a powerful development tool for creating interactive user experiences for Web and mobile applications. Silverlight is a free plug-in, powered by the .NET framework and compatible with multiple browsers. Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka “Silverlight Runtime Remote Code Execution Vulnerability.”

    The vulnerability is triggered when the System.Text.Decoder class tries to allocate a buffer using the value returned by the GetChars() function. The attacker can override the GetChars function in a derived class to return a negative value. This leads to memory corruption.

    To exploit this vulnerability an attacker could host a specially crafted Silverlight application on a website and entice the user to click it. Successful exploitation could lead to remote code execution in context of the logged in user.

    The overridden GetChars function in the derived class looks like this

    IE crashes when System.Text.Decoder class tries to allocate a negative buffer size.

    The exploit code is an obfuscated .net assembly. The decompiled and deobfuscated dll code looks like this

    Decompiled

    Deobfuscated

    The exploit code tries to decode a long byte array.

    Attaching a debugger, we see that the malicious dll sprays the memory with malicious code. We can also see some code that could tamper with the registry.

    The graphical view of exploit code looks like this.

    Dell SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers

    • IPS 11388: Microsoft Silverlight Remote Code Execution (MS16-006)

      SonicWall Next-Gen Firewall Consistently Ranks as Recommended Year After Year

      The hacking economy continues to thrive. As you can see from the timeline chart below, we have seen data breach headlines in every industry vertical, regardless of their size. Cyber-criminals made the most of their opportunities last year, and rest assured it’s unlikely to be any different for years to come.

      Timeline of high profile breaches in 2015

      If the fear of a network breach keeps you up at night wondering if you’ve done a thorough job measuring the effectiveness of your cyber-defense system, then you’re in good company. Even a slight doubt about your firewall capability forces you to worry regularly if you are successful as you can be in thwarting preventable attacks on your networks. Burdened with the possibility of having to deal with security incidents, you may ask if there is a reliable way to lessen this anxiety. The good news is the answer is yes!

      Once a year, leading next-generation firewall (NGFW) vendors gear up to participate in the industry’s rigorous security and performance tests, conducted by NSS Labs, a trusted authority in independent product testing. NSS designs various permutations of real-world test conditions and parameters specifically to address the challenges security professionals face when measuring and determining if their firewall is truly performing as their vendor has promised. Upon completion of these tests, NSS publishes a comprehensive result-based report on all participating vendors. Each vendor’s product is ranked either “Recommended,” “Neutral” or “Caution” based on its weighted score across key evaluation criteria including security effectiveness, resistance to evasion, performance, and stability and reliability.

      Definition:

      1. A “Recommended” rating from NSS indicates that a product has performed well and deserves strong consideration. Only the top technical products earn this rating from NSS, regardless of market share, company size, or brand recognition.
      2. A “Neutral” rating from NSS indicates that a product has performed reasonably well and should continue to be used if it is the incumbent within an organization.
      3. A “Caution” rating from NSS indicates that a product has performed poorly. Organizations using one of these products should review their security posture and other threat mitigation factors, including possible alternative configurations and replacement. Products that earn a Caution rating from NSS should not be short-listed or renewed.

      NSS started this vendor group test four years ago, so it has a significant amount of knowledge and experience in security product testing. Over this period, I have observed many vendors that have moved in and out of the NSS Labs “Recommended” quadrant as NSS’s test methodologies have evolved. This should give you total clarity and confidence toward those vendors with products that have repeatedly and consistently performed well year over year, while providing specific guidance on how to proceed with products that performed poorly or inconsistently. You can find out how your current firewall vendor performed in the latest 2016 Next Generation Firewall Comparative Report – Security Value Map™ (SVM). The SVM gives you a complete scorecard and ranking for each product tested. I urge you to read the entire set of NSS Labs NGFW reports, including the SVM, Comparative Analysis Report (CAR) and product Test Report (TR), to help you evaluate your current security posture and take immediate action where necessary.

      For four years running, SonicWall has prevailed in the NSS Labs vendor group test. The SonicWall SuperMassive™ E10800 is one of only three vendor products to have earned the coveted “Recommended” rating in the NSS Labs Next-Generation Firewall Security Value Map for four consecutive years. This year, the SuperMassive E10800 once again demonstrated one of the highest security effectiveness ratings in the industry, blocking 98.83 percent of exploits during continuous live testing. The device also consistently scored 100 percent effective against all tested evasion techniques and passed all manageability, stability and reliability tests. These are highly credible and verifiable proof points that SonicWall next-generation firewalls deliver on our product promise, and empower you to achieve breakthrough performance at unprecedented levels of protection. The same technology is used in SonicWall SuperMassive, NSA and TZ firewalls, so they are also highly secure.

      Figure of NSS Labs 2016 Security Value Map (SVM) for Next Generation Firewall (NGFW)

      Learn more. Read the 2016 NSS Labs Next-Generation Firewall Security Value Map SVM Report.

      Have a Secret, Secure and Scalable Network from Today’s Cyber Attacks?

      “Is it secret? Is it safe?”

      For those who’ve never seen the 1976 film Marathon Man, that’s what the fugitive Nazi war criminal played by Sir Laurence Olivier asks Dustin Hoffman while he’s sticking a pointy dental probe into Hoffman’s exposed cavity. Ouch. Excellent movie, though.

      Cinema trivia notwithstanding, these are pertinent questions federal agencies need to ask when it comes to information under their control. Is it secret? There are many levels of classified information. Is it safe? We hope that, classified or not, information about the workings of our government and about us is safe from cyber attack.

      Secrecy and safety should go together, and it would seem that “secret” and “safe” together should add up to “secure.” But there’s one situation in which, unfortunately, that’s not the case.

      When the website you’re at shows up with a URL starting with “https://”, that site is using encryption to add security, specifically Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols.

      OMB Memorandum M-15-13, “A Policy to Require Secure Connections across Federal Websites and Web Services” (June 2015) requires that “all publicly accessible Federal websites and web services only provide service through a secure connection. The strongest privacy and integrity protection currently available for public web connections is Hypertext Transfer Protocol Secure (HTTPS).”

      Encrypting HTTP does add latency, and agencies need to take this into account in planning their network infrastructure. But you’d think that the performance hit is well worth the increase in security (safety, secrecy) SSL and TLS provide. However, here’s where that assumption starts to fall apart:

      More and more cyber attacks are taking place using SSL itself as a means of injecting malicious code and acting as a gateway into places they have no business being. SonicWall Security’s 2016 Annual Threat Report, just released, goes into great detail on the global increase in SSL traffic. The encrypted sessions themselves are being used as attack vectors.

      Preventing this requires that agencies inspect all packets, even encrypted ones, that enter their networks. As you’d expect, SSL inspection can add yet another performance/latency hit, unless you implement a solution specifically architected to minimize that impact.

      Fortunately, SonicWall has that solution. Our SuperMassive 9000 Series Next-Generation Firewalls (NGFWs) provide SSL decryption, inspection and protection with no added latency, through Reassembly-Free Deep Packet Inspection (RFDPI), patented by SonicWall. The SonicWall SuperMassive next-gen firewall series deployed in a SonicWall firewall sandwich architecture allows up to 16 SonicWall SuperMassive devices to perform DPI inspection in parallel, supporting up to 160Gbps of DPI and 80Gbps of SSL-DPI. Our Firewall Sandwich can be deployed in several different configurations depending on your agency’s existing network design helping you scale firewall services with more resiliency and availability. The SuperMassive and NSA Series NGFWs are now certified under the Department of Defense’s Unified Capabilities Approved Products List (UC APL), an essential for DoD and a significant plus for civilian agencies looking for the best, most cost-effective network security solutions they can find.

       Picture of SonicWall's SuperMassive 9000 Series Next-Generation Firewall at a show

      In the Federal Computer Week Digital Dialogue, “Speed and Security Aren’t Mutually Exclusive,” Angelo Rodriguez, director of security engineering at SonicWall Security Solutions Group, goes into greater detail on the firewall sandwich and the technology behind our NGFWs.

      Read the Digital Dialogue

      The Dialogue is a summary of December’s Government Computer News webcast, “Enabling Network Security at the Speed of Mission”, in which Angelo discusses the concept of a scale-out firewall architecture, a network-based model for scaling a next-generation firewall (NGFW) beyond 100Gbps, and deep packet inspection.