Breaching Trust: Should We Switch Off Web Sites Which Gain an F Grade?

Breaching Trust: Should We Switch Off Web Sites Which Gain an F Grade?

We increasingly use third party tools to perform external security assessments. Shodan, for example, does a great job in assessing the services which are exposed from a domain. But one of the best assessment tools is produced by SSL Labs, and which tests for the cryptography infrastructure for a Web site. Overall it scans for the TLS protocols used and assesses the quality of the digital certificate used. If the certificate does not match the site, it will be given a T grade. The key focus of the scan is to identity the possibility of a large-scale breach of the trust infrastructure.

Why is it so important?

Venafi recently surveyed 500 CIOs and found that one of the greatest holes in security in their organisations is related to encryption keys and digital certificates. Their report outlines that around half of network attacks come in through SSL/TLS, and this figure is only likely to increase. Along with this almost 90% thought that their company was defenseless against tunneled attack, as they cannot inspect the traffic, and around the same number said that they had suffered from an attack using encryption to hide the attack.

They found also that 86% of CIOs think that stealing encryption keys and digital certificates is a significant threat to their organisation, and 79% feel that innovation is being held back because of the trust issues with encryption keys.

Ponemon too undertook some research into failures in control and trust, and surveyed over 2,400 companies from the Global 2000 in Australia, France, Germany, the UK and the US, and found that attacks on trust could lead to every organization losing up to $400 million. With this they identified that one of the major weaknesses in enterprise security is often the lack of management over encryption keys and certificates.

This they report is down to them:

• Not knowing the number of keys and certificates they have. In fact, the majority (51%) don’t know how many are in use.
• Not knowing if they have strong enough hashing algorithms.
• Not knowing if their encryption is compliant with organisational policy.

This is alarming, especially as there is a move to Cloud-based systems, where a large-scale data breach can be caused by a single loss of an encryption key. Overall Ponemon found that Global 2000 companies had an average of 17,807 keys and certificates issued. They also reported that trust-based attacks would be hard to detect and would attack critical processes, and that an attack on SSH services would allow other organisations to take direct control of their data and their Cloud-based processes.

Also, Ponemon found that 18% — nearly one-in-five — of companies survey thought that they expected to fall prey to a legacy cryptography attack over the next two years. And what about fixing easy problems? For this they found that the expected cost of an easily preventable key management failure was $125 million. The easy win would be for them to establish control over their trust infrastructure, with 59% of the sample organisations saying that a refresh of key and certificate management would allow them to significantly reduce their security risks.

Things are not good on compromised Certificate Authorities (CAs) too, and where certificate impersonation is likely to expose each company to a cost of $73 million over two years.

In terms of detail of breaches in the past 24 months, the reported levels were:

• 7% for man-in-the-middle (CA compromise).
• 3% for SSH key theft.
• 5% for server key theft.
• 18% for weak cryptography threat.

A figure of nearly one-in-five with a weak cryptography breach is fairly shocking!

The drowngrade

Within TLS a client and server negotiate the key exchange method and the cipher suite. The SSL Lab tool thus analyses the Web site, and finds the cryptography parameters which the site will use. An intruder will often perform a downgrade attack and which picks off the weakest cryptography methods, and which can — at the most serious level — discover the private key of the Web site. If the private key is stolen, the site cannot be trusted any more, and secure traffic could be capture. A company should then change all the digital certificates and key used for the whole site, and find any occurrence of anything that was signed by that certificate. This is extremely costly, and research has shown that the average cost for a medium sized company is tens of millions.

The grading

Within the test, a grading of A+ to F is given, where A+ is the best possible, and F is a shameful site that needs to be switched off [scan]:

A key part of the assessment is the TLS version supported, as SSL v2, SSL v3 and TLS 1.0 are well know for causing a range of vulnerabilities:

A common grade is a “T” grade, which defines that the site has mismatched certificates, and which do not match the name of the site. But even if the certificate is fixed, there were a few which did not come near getting an “A” rating:

But the great worry is there are still many servers which gain an “F” grade and which can be open to DROWN, FREAK, POODLE and MITM attacks:

This above site still supports SSL v2 and SSL v3, and which NEVER should be supported, as they are highly vulnerable. Basically it breaks every rule in the book, and is completely unpatched.

Gaining an A+ grade

Most well managed sites will gain an A grade, but companies who have high levels of trust with citizens should focus on gaining an A+ grade.

For an A+ grade a site needs to implement the best practice in setting up CSP (Content Security Policy) and X-frame headers to restrict things like code injection and i-Frame injection. If you want an “A+”, here is a paper written by myself, Scott Helme and Prof Alan Woodward on the adoption of CSP and X-headers [link].

Python script for scanning

But you say it will take a while to scan all of our sites. If this is the case, Python comes to the rescue with the SSL Labs API, and where you can quickly scan a range of sites taken from a CSV list:

#!/usr/bin/env python

import requests
import time
import sys
import logging

API = 'https://api.ssllabs.com/api/v2/'

def requestAPI(path, payload={}):
    '''This is a helper method that takes the path to the relevant
        API call and the user-defined payload and requests the
        data/server test from Qualys SSL Labs.
        Returns JSON formatted data'''

url = API + path

try:
        response = requests.get(url, params=payload)
    except requests.exception.RequestException:
        logging.exception('Request failed.')
        sys.exit(1)

data = response.json()
    return data

def resultsFromCache(host, publish='off', startNew='off', fromCache='on', all='done'):
    path = 'analyze'
    payload = {
                'host': host,
                'publish': publish,
                'startNew': startNew,
                'fromCache': fromCache,
                'all': all
              }
    data = requestAPI(path, payload)
    return data

def newScan(host, publish='off', startNew='on', all='done', ignoreMismatch='on'):
    path = 'analyze'
    payload = {
                'host': host,
                'publish': publish,
                'startNew': startNew,
                'all': all,
                'ignoreMismatch': ignoreMismatch
              }
    results = requestAPI(path, payload)

payload.pop('startNew')

while results['status'] != 'READY' and results['status'] != 'ERROR':
        time.sleep(30)
        results = requestAPI(path, payload)

return results

import csv
with open('sites.csv') as csvfile:
 reader = csv.DictReader(csvfile)
 for row in reader:

url = row['site'].strip()

a = newScan(url)
  with open("out3.txt", "a") as myfile:
       myfile.write(str(row['web'])+"\n"+str(a)+"\n\n\n")
   print row['web']

Each test takes a few minutes, but could we done once a week. All the areas which fail should be addressed, and every Web site should focus on gaining an A grade. A site which have citizen data and which gains an F grade, should probably be shutdown until it is patched. The output is a simple Json which can be easily parsed, or where we can use a regular expression to pick of key scan results:

{u'status': u'READY', u'protocol': u'HTTP', u'criteriaVersion': u'2009p', u'isPublic': False, u'testTime': 1534282811785L, u'host': u'www.cloudflare.com', u'startTime': 1534282471594L, u'engineVersion': u'1.32.3', u'endpoints': [{u'gradeTrustIgnored': u'A+', u'grade': u'A+', u'hasWarnings': False, u'delegation': 2, u'eta': 2, u'details': {u'sims': {u'results': [{u'errorCode': 0, u'protocolId': 769, u'attempts': 1, u'client': {u'version': u'2.3.7', u'isReference': False, u'id': 56, u'name': u'Android'}, u'suiteId': 47}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'4.0.4', u'isReference': False, u'id': 58, u'name': u'Android'}, u'suiteId': 49171}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'4.1.1', u'isReference': False, u'id': 59, u'name': u'Android'}, u'suiteId': 49171}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'4.2.2', u'isReference': False, u'id': 60, u'name': u'Android'}, u'suiteId': 49171}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'4.3', u'isReference': False, u'id': 61, u'name': u'Android'}, u'suiteId': 49171}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'4.4.2', u'isReference': False, u'id': 62, u'name': u'Android'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'5.0.0', u'isReference': False, u'id': 88, u'name': u'Android'}, u'suiteId': 52244}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'6.0', u'isReference': False, u'id': 129, u'name': u'Android'}, u'suiteId': 52244}, {u'protocolId': 771, u'kxInfo': u'ECDH x25519', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'7.0', u'isReference': False, u'id': 139, u'name': u'Android'}, u'suiteId': 52393}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'Jan 2015', u'isReference': False, u'id': 94, u'name': u'Baidu'}, u'suiteId': 49171}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'Jan 2015', u'isReference': False, u'id': 91, u'name': u'BingPreview'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'XP SP3', u'version': u'49', u'isReference': False, u'id': 136, u'name': u'Chrome'}, u'suiteId': 49199}, {u'protocolId': 772, u'kxInfo': u'ECDH x25519', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 7', u'version': u'69', u'isReference': True, u'id': 152, u'name': u'Chrome'}, u'suiteId': 4865}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 7', u'version': u'31.3.0 ESR', u'isReference': False, u'id': 84, u'name': u'Firefox'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 7', u'version': u'47', u'isReference': True, u'id': 132, u'name': u'Firefox'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'XP SP3', u'version': u'49', u'isReference': False, u'id': 137, u'name': u'Firefox'}, u'suiteId': 49195}, {u'protocolId': 772, u'kxInfo': u'ECDH x25519', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 7', u'version': u'62', u'isReference': True, u'id': 151, u'name': u'Firefox'}, u'suiteId': 4865}, {u'protocolId': 771, u'kxInfo': u'ECDH x25519', u'errorCode': 0, u'attempts': 1, u'client': {u'version': u'Feb 2018', u'isReference': False, u'id': 145, u'name': u'Googlebot'}, u'suiteId': 49195}, {u'errorCode': 1, u'attempts': 0, u'client': {u'platform': u'XP', u'version': u'6', u'isReference': False, u'id': 100, u'name': u'IE'}}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Vista', u'version': u'7', u'isReference': False, u'id': 19, u'name': u'IE'}, u'suiteId': 49171}, {u'errorCode': 0, u'protocolId': 769, u'attempts': 1, u'client': {u'platform': u'XP', u'version': u'8', u'isReference': False, u'id': 101, u'name': u'IE'}, u'suiteId': 10}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 7', u'version': u'8-10', u'isReference': True, u'id': 113, u'name': u'IE'}, u'suiteId': 49171}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 7', u'version': u'11', u'isReference': True, u'id': 143, u'name': u'IE'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 8.1', u'version': u'11', u'isReference': True, u'id': 134, u'name': u'IE'}, u'suiteId': 49195}, {u'protocolId': 769, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win Phone 8.0', u'version': u'10', u'isReference': False, u'id': 64, u'name': u'IE'}, u'suiteId': 49171}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win Phone 8.1', u'version': u'11', u'isReference': True, u'id': 65, u'name': u'IE'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win Phone 8.1 Update', u'version': u'11', u'isReference': True, u'id': 106, u'name': u'IE'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH secp256r1', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 10', u'version': u'11', u'isReference': True, u'id': 131, u'name': u'IE'}, u'suiteId': 49195}, {u'protocolId': 771, u'kxInfo': u'ECDH x25519', u'errorCode': 0, u'attempts': 1, u'client': {u'platform': u'Win 10', u'version': u'15', u'isReference': True, u'id': 144, u'name': u'Edge'}, u'suiteId': 49195}, ...

It should be fairly simple for an organisation to create a dashboard which showed the results from the scans, and for their staff to work towards defined KPIs.

Best practice

As we move into a world where sites will not support HTTP anymore, as a minimum, I believe that all Web sites should match to the following:

• NEVER NEVER NEVER EVER support SSL v2 or SSL v3. A Web site running these should be shut down immediately!
• Gain an A grade from an SSLabs scan, with sites containing citizen data, focusing on gaining an A+ grade. To gain an A+ grade sites should support X-header integration.
• Should NOT support the export of 512-bit export suites, as 512-bit Diffie-Hellman keys have been long cracked.
• Should NOT support 1,024 bit RSA key or less.
• Should pass a Google Chrome test for trust.
• Should aim to switch off HTTP support, and redirect fully to HTTPs.
• Should NOT support TLS 1.0.
• Should have a matched certificate.
• Should never support legacy cryptographic, including RC4, DES and MD5.
• Must have scanned, at least, every week with standard OWASP tools.
• Must be scanned, at least, every each for cryptography reports.
• Have migration paths for TLS 1.3.