Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
SSL – encrypt everything
Encrypt the Web! Automatically use
HTTPS security on many sites.This is an port of the popular HTTPS Everywhere extension for Firefox,
created by EFF and the Tor Project. It automatically switches thousands of
sites from insecure "http" to secure "https".
Nárast kryptovanej komunikácie
IoE
E-Commerce PrivacyMobilit
y
Snowden
SSL growing ~30% annually. Entering the Fifth wave of transition (IoE)
0,0
0,5
1,0
1,5
2,0
2,5
3,0
3,5
1998 2002 2006 2010 2014
Source: Netcraft
Mil
lio
ns o
f C
ert
ific
ate
s (
CA
)
Years
2017TODAY
50%
AMOUNT OF ENCRYPTED ENTERPRISE TRAFFIC
25%
Annual growth30%
Encryption Quality
SSL Server Test
• Overall Rating
• Certificate
• Chain, CA
• Protocols
• Ciphers
• Handshake
• Protocol Configuration
• Documentation
• Recommendations
• …
Poodle SSL Attack on SSL v3
SSL 3.0 Request
1
2
3
4
Servers runningHTTPPOP3sSMTPsIMAPsFTPs....
Čísla na kreditke sú zabezpečené, komunikácia je kryptovaná
DowngradeAttacks
1Certificate OK https://nejakyshop.xx
2
silné šifrovanie, platný certifikát, všetko je OKi
SSL 3.0 Response
SSLv3
Tak to dekryptujema potom si niečo objednám
Heartbleed Attack
iRule Blocks Client
Request
iRule Blocks Server Response
&
Impacts
Server KeysPasswordsData
Heartbleed
Mitigate with Programmability and SSL
HW Requirements for 20k SSL TPS Performance
1k keys 2k keys 4k keys
32bit server HW 38 208 1333
64bit server HW 13 73 526
BIG-IP 2200 1 5 25
BIG-IP 4200 1 3 12
BIG-IP 10200 1 1 3
VIPRION 4400 1 1 3
VIPRION 4800 1 1 1
~ 4 bilion times more secure1k 4k
F5 and SSL ?
• Specialized Hardware
• Streamlines and Consolidatedmanagement
• Flexible Deployment
PERFORMANCE
SSL chips in even
smallest appliances
FLEXIBILITY
iRule, Full Proxy …
EXPERIENCE
Doing it for a long time