The Definitive Guide to SASE

What is SASE, and why is it such a hot technology? More importantly, why do we need SASE as the future of the next-generation service delivery model? Before I answer the “what,” let’s look at the “why.”

Business Needs Drive Technology Innovation

Two recent global events demonstrated the need for a new service delivery model that must be agile and deployable worldwide without delay. The first event was the 2008 global recession, which forced many businesses to downsize and was followed by a streak of robust growth lasting well over ten years. The second was the global shutdown caused by the COVID-19 pandemic. This unprecedented event caused a sharp decline in global businesses — many were shuttered permanently, especially those relying on brick-and-mortar locations.

The global shutdown has spurred an explosion in technology innovations. Businesses that embrace virtual collaboration by allowing employees to work from anywhere found new opportunities and have been thriving.

Not surprisingly, a recent survey from PwC (PricewaterhouseCoopers) shows that this virtual collaboration model is here to stay, as both employers and employees are seeing a tremendous boost in productivity.

Requirements for Next-Generation Security and Network Services

As constrained budgets and staffing resources increasingly fail to keep up, the need to shift away from conventional security becomes more acute. This gap is unbridgeable with conventional security approaches.

The rapid, accordion-like boom-and-bust cycles of the last two decades deliver a clear message: There is a need to complement the current on-premises service delivery model with an agile cloud model that takes minutes to deploy and is easy to scale.

Work-from-anywhere, BYOD and mobile technologies have radically changed user behavior. Most organizations still have a perimeter that needs to be secured, but they also have many assets outside that perimeter that need to be protected, no matter where they are. These factors give rise to the requirements for the next generation of network and security: the SASE delivery model.

What is SASE?

Secure Access Service Edge (SASE) enables a holistic approach that brings security and network technologies together in a cloud-delivered, secure, network-as-a-service (NaaS) solution. With SASE, security and network services are easy to manage, easy to use and quick to deploy.

Such a delivery model empowers organizations to break free from the untenable economic, technical and staffing constraints of conventional approaches — all with less cost and human intervention than conventional security.

ZTNA and NaaS are usually the starting points for a journey toward a complete SASE solution. With SASE, you will have a choice to add FW, SWG, CASB and SD-WAN as one tightly integrated solution.

Still skeptical? Here’s an example of scale and agility from SonicWall’s first SASE product — the Cloud Edge Secure Access.

Through Zero-Trust Network Access (ZTNA) and NaaS, Cloud Edge Secure Access can onboard a branch site, individual users and business partners in minutes. At the same time, it provides top-notch privacy for every user, regardless of location. It secures high-value assets in the cloud through its inherent support for least-privilege access security.

With least-privilege security, users and devices can access only what’s necessary and nothing more, similar to the concept of a “need-to-know basis.” By limiting the exposure to other sensitive areas of the network, an organization can secure its resources without sacrificing their operational flexibility.

Since these services can be delivered securely over commodity internet, a business can be completely independent of predetermined locations. At the same time, it can still enjoy the benefits of the most advanced security and networking services as one tightly integrated solution. How’s that for cost savings and ultimate freedom of choice?

Want to Know More?

If you’re interested in knowing more about SASE, read the Definitive Guide to SASE shown below on the slide, or simply scan the QR code provided. This e-book is meant for anyone with a role in security or networking, whether an administrator, manager or executive looking for a solution to regain control of this new upside-down environment — one in which most employees are outside the traditional perimeter-based firewall.

March 2021 OpenSSL Vulnerability

Overview:

  A denial of service vulnerability has been reported in the OpenSSL library. An OpenSSL TLS server may crash if a remote attacker sends a maliciously crafted renegotiation ClientHello message (the exploit) from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello) but includes a signature_algorithms_cert extension, a NULL pointer dereference results, leading to a crash and a denial of service. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue.

CVE Reference:

  This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) identifier CVE-2021-3449, dated 2021-03-17.

Common Vulnerability Scoring System (CVSS):

  The overall CVSS score is 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C).

  Base score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), based on the following metrics:
    • Attack vector is network.
    • Attack complexity is low.
    • Privileges required is none.
    • User interaction is none.
    • Scope is unchanged.
    • Impact of this vulnerability on data confidentiality is none.
    • Impact of this vulnerability on data integrity is none.
    • Impact of this vulnerability on data availability is high.
  Temporal score is 6.5 (E:U/RL:O/RC:C), based on the following metrics:
    • The exploit code maturity level of this vulnerability is unproven.
    • The remediation level of this vulnerability is official fix.
    • The report confidence level of this vulnerability is confirmed.

Technical Overview:

  The primary goal of the Secure Sockets Layer (SSL) protocol is to provide privacy and reliability between two communicating applications, and the primary goal of the Transport Layer Security (TLS) protocol is to provide a secure channel between two communicating peers. Both are cryptographic protocols that provide authentication, confidentiality and data integrity for communication over TCP/IP networks. They do so by using cryptographic algorithms such as symmetric key ciphers, cryptographically secure hash functions, and asymmetric cryptography. Asymmetric cryptography, also known as public-key cryptography, is a process that uses a pair of related keys, one public key and one private key, to encrypt and decrypt a message and protect it from unauthorized access or use. These protocols enable hosts to communicate securely over insecure networks.

Triggering the Problem:

  • The target must have a vulnerable version of the product running, with TLS 1.2 enabled.
  • The target application must have TLS renegotiation enabled.
  • The attacker must have network connectivity to the vulnerable application.

Triggering Conditions:

  The attacker sends a TLS 1.2 Client Hello handshake message containing a non-empty signature_algorithms extension, then renegotiates with an empty signature_algorithms extension but non-empty signature_algorithms_cert extension. The vulnerability is triggered when the server processes the new Client Hello message.

Attack Delivery:

  The following application protocols can be used to deliver an attack that exploits this vulnerability:
    • TLS
    • HTTPS, over ports 443/TCP, 8443/TCP
    • SMTP, over ports 25/TCP, 587/TCP

Patched Software:

SonicWall’s Intrusion Prevention System (IPS) provides protection against this threat:

  • IPS: 15483 “Client Renegotiation within Short Period”

Remediation Details:

  The risks posed by this vulnerability can be mitigated or eliminated by:
    • Upgrading to the patched releases to eliminate the vulnerability.
    • Disabling TLS 1.2 in OpenSSL.
    • Disabling renegotiation if it is not needed.
  The vendor has released the following advisory regarding this vulnerability:
  OpenSSL News Advisory
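
  The two configuration mitigations above can be checked and applied in code. The following is an added example, not part of the original advisory or OpenSSL's own code: it assumes a server built on Python's ssl module (a wrapper around OpenSSL), and the helper names audit, exposed and harden are hypothetical. It reports which of the server-side preconditions listed under "Triggering the Problem" a context still meets, then applies the mitigations.

```python
import ssl

TLS12 = ssl.TLSVersion.TLSv1_2
MIN_ANY = ssl.TLSVersion.MINIMUM_SUPPORTED  # sentinel, not a real version
MAX_ANY = ssl.TLSVersion.MAXIMUM_SUPPORTED  # sentinel, not a real version


def tls12_enabled(ctx):
    """True if this context can still negotiate TLS 1.2."""
    if ctx.options & ssl.OP_NO_TLSv1_2:
        return False
    lo, hi = ctx.minimum_version, ctx.maximum_version
    # Assumption: a floor of MAX_ANY means "newest only", i.e. TLS 1.3.
    lo_ok = lo == MIN_ANY or (lo != MAX_ANY and lo <= TLS12)
    hi_ok = hi == MAX_ANY or (hi != MIN_ANY and hi >= TLS12)
    return lo_ok and hi_ok


def audit(ctx):
    """List the advisory's server-side preconditions this context meets."""
    findings = []
    if tls12_enabled(ctx):
        findings.append("TLS 1.2 enabled")
    if not ctx.options & ssl.OP_NO_RENEGOTIATION:
        findings.append("renegotiation enabled")
    return findings


def exposed(ctx):
    """Both preconditions must hold for the configuration to be exposed."""
    return len(audit(ctx)) == 2


def harden(ctx, drop_tls12=False):
    """Apply the advisory's configuration mitigations in place."""
    # Refuse TLS 1.2 renegotiation requests from the peer.
    ctx.options |= ssl.OP_NO_RENEGOTIATION
    if drop_tls12:
        # Stricter option: accept TLS 1.3 only.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def new_server_context():
    """A server context before certificates or mitigations are applied."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
```

  Either mitigation alone removes one precondition; upgrading the library remains the fix that eliminates the flaw itself.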

Appendix – Discovered By:

  This issue was reported to OpenSSL on 18th March 2021 by Benjamin Kaduk from Akamai and was discovered by Xiang Ding and others at Akamai. The fix was developed by Tomáš Mráz.

Cybersecurity News & Trends – 04-02-21

This week, as lawmakers and researchers continued to unravel the details of the SolarWinds attack, another supply chain attack was uncovered — this time on PHP’s Git repository.


SonicWall in the News

Lacombe County fends off cyberattack — Red Deer Advocate

  • An attempted cyberattack on Lacombe County’s servers was ultimately prevented by the county’s SonicWall firewall.

2021 Partner Program Guide — CRN

  • SonicWall was recognized on a list of vendors who have 5-star channel partner programs.

SonicWall continues next-gen firewall refresh with NSa 3700 — Channelbuzz.ca

  • This article is about the new NSa 3700 firewall and next-gen upgrades from the March 25 launch, and features key quotes from Kayvon Sadeghi about the importance of this upgrade.

SonicWall expands its threat protection to protect heavily targeted sectors with the NSa 3700 — CRN India

  • This article is about the new NSa 3700 firewall and next-gen upgrades from the March 25 launch.

Leading Israeli IoT firm lands in US as worldwide malware attacks surge — ComputerWeekly

  • This article used data from SonicWall’s 2021 Cyber Threat Report to showcase the increase in malware and IoT attacks as the number of consumer-oriented IoT devices grows.

News Bits: SonicWall, Scality, Alluxio, Aerospike, Hammerspace, StarWind, Model9, & More — Storage Review

  • This article mentions the new NSa 3700 firewall and next-gen upgrades from the March 25 launch, and features key quotes from Kayvon Sadeghi about the importance of this upgrade.

2020 offered a ‘perfect storm’ for cybercriminals with ransomware attacks costing the industry $21B — Fierce Healthcare

  • This article used data from SonicWall’s 2021 Cyber Threat Report to showcase the increase in ransomware attacks on healthcare organizations.

Managed Security Services Provider (MSSP) News: 25 March 2021 — MSSP Alert

  • This article mentions the new NSa 3700 firewall and next-gen upgrades from the March 25 launch.

SonicWall Announces Security Hardware and Software Upgrades — ChannelPro Network

  • This article is about the new NSa 3700 firewall and next-gen upgrades from the March 25 launch, and features key quotes from Kayvon Sadeghi about the importance of this upgrade.

Industry News

North Korean hackers return, target infosec researchers in new operation — Ars Technica

  • North Korean government-sponsored hackers are back, this time with a new batch of social media profiles and a fake company that claims to offer offensive security services.

Ransomware tops U.S. cyber priorities, Homeland secretary says — Reuters

  • DHS Secretary Alejandro Mayorkas said that dealing with ransomware will be a top priority, highlighting the growing threat of the data-scrambling software.

U.S. to publish details on suspected Russian hacking tools used in SolarWinds espionage — Cyberscoop

  • The upcoming report sheds light on a historic espionage campaign that U.S. officials have, at times, been cautious to publicly detail.

Ubiquiti confirms extortion attempt following security breach — Cyberscoop

  • Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week.

Whistleblower: Ubiquiti Breach “Catastrophic” — Krebs on Security

  • On Jan. 11, Ubiquiti, Inc. — a major vendor of IoT devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials.

Cybercriminals Publish Data Allegedly Stolen From Shell, Multiple Universities — Bleeping Computer

  • The FIN11 hacking group has published files that were allegedly stolen from oil and gas giant Shell, likely during a cybersecurity incident involving Accellion’s File Transfer Appliance (FTA) file sharing service.

Australia investigates reported hacks aimed at parliament, media — Cyberscoop

  • An apparent cyber incident knocked Australia’s Parliament House’s email system offline just as Australia’s Channel Nine broadcasting was interrupted by hackers over the weekend.

And that’s yet another UK education body under attack from ransomware: Servers, email, phones yanked offline — The Register

  • The Harris Federation, a not-for-profit charity responsible for running 50 primary and secondary academies in London and Essex, has become the latest UK education body to fall victim to ransomware.

PHP’s Git server hacked to add backdoors to PHP source code — Cyberscoop

  • In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with.

Ukraine Investigating Phishing Software Used to Target Banks — Bloomberg

  • Phishing software was used to attack hundreds of banks and their clients in 11 countries, including the U.K, the U.S. and Mexico, the country’s Office of the Prosecutor General said in a statement.

More Ransomware Gangs Targeting Vulnerable Exchange Servers — Security Week

  • The Black Kingdom/Pydomer ransomware operators have joined the ranks of threat actors targeting the Exchange Server vulnerabilities that Microsoft disclosed in early March.

Ransomware admin is refunding victims their ransom payments — Bleeping Computer

  • After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.

FBI exposes weakness in Mamba ransomware, DiskCryptor — Bleeping Computer

  • An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom.

In Case You Missed It