fechar
fechar
Sua Rede do Amanhã
Sua Rede do Amanhã
Planeje seu caminho rumo a uma rede mais rápida, segura e resiliente projetada para os aplicativos e usuários aos quais você oferece suporte.
          Experimente a Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            Líder em SSE. Agora é líder em SASE de fornecedor único.
            Líder em SSE. Agora é líder em SASE de fornecedor único.
            A Netskope estreia como líder no Quadrante Mágico™ do Gartner® para Single-Vendor SASE
              Protegendo a IA generativa para leigos
              Protegendo a IA generativa para leigos
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Prevenção Contra Perda de Dados (DLP) Moderna para Leigos
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Livro SD-WAN moderno para SASE Dummies
                  Modern SD-WAN for SASE Dummies
                  Pare de brincar com sua arquitetura de rede
                    Compreendendo onde estão os riscos
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        Os 6 casos de uso mais atraentes para substituição completa de VPN herdada
                        Os 6 casos de uso mais atraentes para substituição completa de VPN herdada
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          A Colgate-Palmolive protege sua “propriedade intelectual "” com proteção de dados inteligente e adaptável
                          A Colgate-Palmolive protege sua “propriedade intelectual "” com proteção de dados inteligente e adaptável
                            Netskope GovCloud
                            Netskope obtém alta autorização do FedRAMP
                            Escolha o Netskope GovCloud para acelerar a transformação de sua agência.
                              Let's Do Great Things Together
                              A estratégia de comercialização da Netskope, focada em Parcerias, permite que nossos Parceiros maximizem seu crescimento e lucratividade enquanto transformam a segurança corporativa.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Suporte Técnico Netskope
                                  Suporte Técnico Netskope
                                  Nossos engenheiros de suporte qualificados estão localizados em todo o mundo e têm diversas experiências em segurança de nuvem, rede, virtualização, fornecimento de conteúdo e desenvolvimento de software, garantindo assistência técnica de qualidade e em tempo hábil.
                                    Vídeo da Netskope
                                    Treinamento Netskope
                                    Os treinamentos da Netskope vão ajudar você a ser um especialista em segurança na nuvem. Conte conosco para ajudá-lo a proteger a sua jornada de transformação digital e aproveitar ao máximo as suas aplicações na nuvem, na web e privadas.

                                      DROWN Vulnerability Remains High

                                      Mar 08 2016
                                      Tags
                                      Cloud Best Practices
                                      Cloud Security
                                      Netskope Threat Research Labs
                                      Tools and Tips
                                      Vulnerability Advisory

                                      On March 1st, 2016 researchers disclosed a critical vulnerability affecting SSL and TLS protocol, most widely used secure protocols over the internet. The attack, termed DROWN (an acronym for Decrypting RSA with Obsolete and Weakened eNcryption) is a cross protocol attack that affects any server that supports SSLv2 connections and also any other servers (including SMTP, IMAP, etc.) that shares the same certificate with an SSLv2 supported server.

                                      In order to launch a DROWN attack, first the attacker passively intercepts the traffic between the client and the server and records any version of TLS RSA messages. As per researchers, later using this attack, the attacker can decrypt one out of 1000 intercepted connections. From the encrypted TLS messages, ciphertext containing the 48-byte premaster secret is then converted to valid RSA PKCS #1 v1.5 encoded ciphertexts with length acceptable to SSLv2 oracle. A version of the Bleichenbacher attack is then used to query the oracle with valid SSLv2 RSA ciphertext which leaks information about the master secret key. This information can then be used to compute the session key allowing the attacker to decrypt the earlier recorded TLS messages. The decrypted messages can disclose sensitive information such as login credentials, cookies, company confidential data, etc.

                                      DROWN has been assigned CVE-2016-0800 with a severity rating of High. According to the data published by researchers, TLS 1.2 handshake using 2048 bit RSA can be decrypted in under 8 hrs at a cost of only $440. The attack time can be further reduced to one minute using the recently discovered vulnerability in OpenSSL (CVE-2016-0703) making it possible to perform MiTM attacks within a very short time window. The same data published by researchers also mentions that 33% of all servers on the internet could be vulnerable to this attack.

                                      At Netskope, we have been monitoring SaaS apps to check if they are vulnerable to DROWN. As part of our research, we have identified 676 SaaS apps that are vulnerable to the attack.The breakdown of SaaS apps vulnerable to DROWN per the Netskope Cloud Confidence Index (CCI) is as follows:

                                      • 2 Apps have a “High” CCI rating;
                                      • 42 Apps have a “Medium” CCI rating
                                      • The remainder have either a “Low” or “Poor” CCI rating.

                                      We also identified the following interesting observations related to the 676 SaaS applications vulnerable to the DROWN attack:

                                      • 73 apps are still vulnerable to FREAK attack
                                      • 42 apps are still vulnerable to Logjam attack
                                      • 38 apps are still vulnerable to OpenSSL CCS attack
                                      • 7 apps are still vulnerable to Poodle

                                      The above indicates poor patch management practices by some of the these vulnerable app vendors.

                                      If you are a SaaS app vendor, we suggest the following to identify and mitigate the potential effects of the DROWN attack:

                                      • Check if your server is vulnerable to the attack using the DROWN attack checker.
                                      • Mitigate the vulnerability by disabling the support for SSLv2 immediately. Please note that disabling SSLv2 ciphers on servers vulnerable to CVE-2015-3197 will NOT be sufficient as clients can force the use of SSLv2 with EXPORT Ciphers.
                                      • OpenSSL has released patch for CVE-2016-0703 and CVE-2015-3917. Apply the patched versions 1.0.2g and 1.0.1s for 1.0.2 and 1.0.1 respectively.
                                      • Microsoft IIS users should upgrade to versions 7.0 and above which has SSLv2 disabled by default
                                      • Check the detailed instructions here to get more information on vulnerable platforms and products along with the steps for mitigation.

                                      Acknowledgements

                                      I would like to thank Nitish Balachandran and Arun Prabhu Dhandapani for their assistance on the research, analysis, and reporting.

                                      Mantenha-se informado!

                                      Assine para receber as últimas novidades do Blog da Netskope