Showing posts with label ssl. Show all posts
Saturday, 24 January 2015

SSL Tunneling

SSL for unsecured Servers
A client can establish an encrypted SSL connection to the Membrane Router. The router terminates the SSL channel and communicates in plain HTTP or SOAP with the server. Using this configuration you can provide SSL encryption and authentication even if your service does not provide SSL. The Membrane Router can also do load balancing or access control.
Figure 1: SSL Encryption for unsecured Server
See also the example/ssl-server directory of the Membrane distribution for example configuration files for this scenario.
SSL Tunnel to the Server
Membrane Router can enable clients that do not support SSL to communicate with an SSL-secured server. To secure the connection, the traffic is encrypted by the router before it enters the unsecured network.
Figure 2: Non-SSL Client communicates with secured Server
See also the example/ssl-client directory of the Membrane distribution for example configuration files for this scenario.
Monitoring an SSL Connection
Because an SSL connection is encrypted, it is not possible to monitor the traffic between the client and the server. By using two SSL connections, one between client and monitor and one between monitor and server, it is possible to analyze and monitor the traffic, while both client and server believe they are communicating point to point securely with their peer.
Figure 3: Logging SSL encrypted Traffic
SSL Tunnel and VPN
An SSL tunnel can route traffic between an unsecured client and an unsecured server over the hostile internet. At each organisation a Membrane Router can work as the SSL termination point and provide the desired encryption and authentication.
Figure 4: SSL VPN Tunnel
Technical Configuration
Inbound and outbound SSL can be configured using the ssl element in proxies.xml.

Tuesday, 25 November 2014

Unauthorised access to HTTP and HTTPS traffic

Unauthorized HTTP and HTTPS Traffic Blocked on Port

ContentProtect Security Appliance can block proxy servers from redirecting unauthorized HTTP and HTTPS traffic to non-standard ports, which is generally an attempt to bypass filtering on the appliance. This is especially helpful when organizations experience users running Filter Avoidance Programs to bypass the filtering system of ContentProtect Security Appliance, just so they can access more web site locations without being detected.

Contact: Customer Support for help with technical questions.

Standard Ports

The following are the standard ports used by ContentProtect Security Appliance when Anonymous Proxy Guard is enabled. Any HTTP and HTTPS traffic redirected to a port not listed below is considered non-standard and will be blocked.

Port 80 - HTTP
Port 8080 - Proxy Servers
Port 443 - HTTPS

How Anonymous Proxy Guard Works

If ContentProtect Security Appliance recognizes that HTTP traffic is trying to use port 5000, the traffic is considered unauthorized: someone has sent a web request to a non-standard port, thus bypassing the filter. ContentProtect Security Appliance blocks the traffic and sends a Blocked Website message back to the user. The user message also includes the port that the traffic was attempting to access. By default, Anonymous Proxy Guard only uses the standard ports for HTTP and HTTPS traffic. It is possible that a user could send a valid web request over a non-standard port. In this case, you must add an exception to the Traffic Flow Rule Set to send the web request through the web filter so that future web requests reach the host destination successfully.

Note: Even though the message says unauthorized HTTP traffic was blocked, HTTPS traffic could also have been blocked.

The following graphic shows a URL attempting to send HTTP information through port 6666. Some URLs have the port redirection embedded in the URL, and it may not be visible in the address.


Filter Avoidance Programs

There are several programs available on the market that allow users to bypass the filtering rules on ContentProtect Security Appliance by sending HTTP and HTTPS traffic through a proxy server. Some programs may even send HTTP and HTTPS traffic encrypted, which makes it much more difficult to determine what type of traffic is trying to access the non-standard ports. Some requests could be valid, but most are not. In any case, you want to create a signature that forces web requests to the standard ports and through the Web Filtering system on ContentProtect Security Appliance.

Example: If a student in Palo Alto, West Coast school district uses the program Ultrasurf to bypass filtering by sending web requests over non-standard ports, then you can resolve the filtering avoidance issue by blocking all ports except the standard ports, 80, 8080, and 443.

Creating a Custom Signature for HTTP and HTTPS Traffic

When Anonymous Proxy Guard is enabled, a user may be blocked from accessing a valid site because the site is redirecting its traffic over a non-standard HTTP, HTTPS, or proxy server port.

Allowing web requests over non-standard ports when Anonymous Proxy Guard is enabled requires creating a custom signature so that the HTTP and HTTPS traffic goes through the Web Filter before going to the non-standard port.

To create a custom signature for HTTP and HTTPS traffic

1. From ContentProtect Security Appliance, select Manage > Policies & Rules > Policy Manager.
2. Click a Group on the Policy Manager page to find out which Internet Usage Rule has been assigned.
3. From ContentProtect Security Appliance, select Manage > Policies & Rules > Internet Usage Rules.
4. Click the Internet Usage Rule assigned to the Group that you want to change.
5. Write down the name of the Traffic Flow Rule Set (TFRS) used for the Internet Usage Rule.

Anonymous Proxy Guard is only enabled when using a TFRS that contains the name Anonymous Proxy Guard.

6. From ContentProtect Security Appliance, select Manage > Applications > Applications.
7. Click Create.
8. Enter a Name for the new application; this name also appears in the application reports.
9. Enter a Description for the new application.
10. Select HTTP as the Application Set from the drop-down list.
11. Select Source and Destination Port as the Type from the drop-down list.
12. Enter the port number as the Value.
13. Select TCP as the Protocol from the drop-down list.
14. Select Web Filter as the Target from the drop-down list.
15. Click Save.

Saturday, 15 November 2014

Securing Wordpress Blogs using SSL and HTTPS

Hacking the WordPress Login – Stealing Usernames and Passwords Using Free Tools
As explained in the previous security post, Website SSL and HTTPS explained, unless you access your WordPress dashboard or admin pages over an HTTPS connection (using an SSL web server certificate), the username and password are sent in clear text over the internet, hence you risk having them stolen.
In this WordPress security blog post we explain how malicious hackers can hack your WordPress login by sniffing (also known as capturing) your WordPress username and password using free tools.
How to Capture & Hack WordPress Passwords
Routing of Clear Text Data Over the Internet
When you access your WordPress dashboard (wp-admin section) or any other website, the data is not sent directly from your browser to the web server. It is routed through a number of devices on the internet. Therefore, before the data reaches your server, it passes through, and can be accessed by, a number of routers, switches, servers, proxy servers etc. which are administered by different entities.
Depending on the geographical location of your computer and web server, your data might be routed through 5 to 20 or more devices until it reaches its destination. And since such data is sent in clear text, should a malicious hacker tap into one of these devices and capture its traffic, the hacker can easily retrieve your WordPress username or password, as explained below.
Hacking WordPress Login (Capturing the Credentials)
Once a malicious hacker can access your data by tapping into a device through which your data is being routed (which could also be your very own wireless router), he can use free tools such as Wireshark to capture your WordPress login session, which will include your WordPress username and password.
Depending on the type of access the hacker manages to gain, he can also route all of the device's traffic through his own proxy software, such as Fiddler, which is also a free tool.
At this stage hacking your WordPress login is very easy because the malicious hacker can capture all of the web traffic passing through that device. For example, below is a screenshot from Fiddler capturing a WordPress login session (i.e. the traffic exchanged between a user's web browser and a WordPress website while logging in to the WordPress dashboard or admin pages).
Sniffing and Capturing WordPress Passwords
Once the malicious hacker has a copy of the web data exchanged between your web browser and your WordPress blog or website, he can browse through it to identify your WordPress password. In this test case we used admin as the username with the password Str0ngPass. By identifying the HTTP POST request in the above screenshot, i.e. the request in which the browser sent the password to the WordPress site, the hacker can see your username and password in clear text, as highlighted in the screenshot below.
From the above screenshot we can see that the log parameter contains the username used to log in to WordPress (admin) and the pwd parameter contains the password (Str0ngPass).
Note: The above screenshot shows exactly the clear text (including your WordPress username and password) that your web browser sends to the WordPress login page to log in.
A hacker does not need to be tech savvy to do such tasks. These free tools are very easy to use, and anyone who has a basic idea of how the web works can easily capture and steal WordPress passwords, which is why we always recommend turning on WordPress SSL for your login pages.
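As an added example (not code from the original post), the following is a small check a site owner can run over their own captured traffic to confirm the exposure described above: it flags WordPress logins submitted over plain HTTP by looking for the log and pwd form fields, and redacts the password in its report. The captured requests and the hostname are constructed for the example.

```python
"""Flag WordPress credentials submitted over plain HTTP in captured requests."""
from urllib.parse import parse_qs

# Constructed sample of what a proxy such as Fiddler records per request:
# the scheme the browser used, the request line parts, and the form body.
CAPTURED_REQUESTS = [
    {"scheme": "http", "method": "POST", "host": "blog.example.invalid",
     "path": "/wp-login.php",
     "body": "log=admin&pwd=Str0ngPass&wp-submit=Log+In&redirect_to=%2Fwp-admin%2F"},
    {"scheme": "http", "method": "GET", "host": "blog.example.invalid",
     "path": "/wp-login.php", "body": ""},
    # Over HTTPS the form body is encrypted on the wire, so a passive
    # observer records no readable body at all.
    {"scheme": "https", "method": "POST", "host": "blog.example.invalid",
     "path": "/wp-login.php", "body": None},
]


def redact(secret: str) -> str:
    """Keep only the length of the password so the report never re-exposes it."""
    return "*" * len(secret)


def find_cleartext_logins(requests):
    """Return one finding per WordPress login submitted without TLS.

    The check matches POSTs to wp-login.php that carry the log/pwd fields
    shown in the post; each finding records the username and a redacted
    password, which is enough evidence to justify moving the login to HTTPS.
    """
    findings = []
    for req in requests:
        if req["scheme"] != "http" or req["method"] != "POST":
            continue
        if not req["path"].endswith("/wp-login.php") or not req["body"]:
            continue
        fields = parse_qs(req["body"])
        if "log" not in fields or "pwd" not in fields:
            continue
        findings.append({
            "host": req["host"],
            "user": fields["log"][0],
            "pwd_redacted": redact(fields["pwd"][0]),
        })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_logins(CAPTURED_REQUESTS):
        print(f"clear-text WordPress login to {f['host']}: "
              f"user={f['user']} pwd={f['pwd_redacted']}")
```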
Protect Your WordPress Login and Password
There are several ways to protect your WordPress login details, i.e. the WordPress username and password, and avoid having them stolen. The first and most secure way is to access your WordPress dashboard over an HTTPS connection. Refer to the WordPress HTTPS (SSL) security tutorial to configure WordPress SSL using a plugin, or refer to our Definitive Guide to Implementing WordPress SSL to implement SSL manually on your WordPress.
Although we recommend that every WordPress administrator implement an SSL web server certificate for a WordPress SSL (HTTPS) connection, it is recommended to also add two-factor authentication. Two-factor authentication is important as well because, even though malicious hackers are not able to steal your credentials when the WordPress login page is served over SSL, your WordPress is still susceptible to brute force attacks. Two-factor authentication protects your WordPress from automated brute force attacks. Remember, the more layers of WordPress security you can implement, the better.