Electricity + Control April 2019

CYBER SECURITY

Re-thinking DDoS defences for encryption technology TLS1.3

The arrival of TLS1.3, the latest advance in encryption technology, is going to require a re-think of certain mechanisms for detecting and mitigating some forms of distributed denial of service (DDoS) attacks.

This is according to Darren Anstee, Chief Technology Officer, NETSCOUT Arbor, who says that certain advances in encryption technology, including the latest version of the Transport Layer Security (TLS1.3), can make identifying and blocking some threats more difficult [1].

He clarifies that while encryption is an extremely valuable tool in any cyber security arsenal – enabling users to ensure privacy when online or making mobile calls and facilitating the secure storage and exchange of data, including personal information – it is not a solution to all security issues as it can be used to ill effect in ransomware.

Anstee says, “Many network-based threat and fraud detection solutions have historically relied on transparent, passive decryption of encrypted sessions via access to the server private key(s). With the introduction of TLS 1.3 this is not as simple.”

Bryan Hamman, Territory Manager for sub-Saharan Africa at NETSCOUT Arbor, explains, “One of the key aims of encryption is to prevent so-called ‘man in the middle’ (MITM) attacks, ensuring that an intermediate device that attempts to decrypt the flow cannot intercept data between the client and server. TLS is the encryption mechanism used within enterprise networks and over the public internet, and is a critical internet security protocol. TLS is used to secure data as it is transmitted between web browsers and servers. IP-based protocols like HTTPS, SMTP, POP3 and FTP all support TLS for encryption.

“TLS 1.2 became the web’s standard in 2008. Since then, hackers discovered several vulnerabilities that resulted in some high-profile cyberattacks over the past few years. TLS1.3 should assist in this regard – it replaces TLS1.2.”

Describing it as “a major revision designed for the modern Internet,” the Internet Engineering Task Force (IETF) noted that the TLS1.3 update contains “major improvements in the areas of security, performance and privacy” and will make it harder for eavesdroppers to decrypt intercepted traffic. One of the major drivers in the design of the new protocol was the mass surveillance of internet communications by the US National Security Agency (NSA), as revealed in 2013 by Edward Snowden [2].

Work on TLS1.3 began in April 2014 and was on its 28th draft before it was finally approved in March 2018. Up until August 2018, engineers have been checking it to make sure that nothing in TLS1.3 will cause any major problems. They are now confident that there are no security holes in the algorithms used.

“TLS 1.3 dictates that Perfect Forward Secrecy (PFS) must be used – enhancing the confidentiality of our communications – but it makes us re-think our mechanisms for dealing with another set of problems, including mechanisms for detecting and mitigating some forms of DDoS attack,” continues Anstee.

“The latest NETSCOUT Arbor Worldwide Infrastructure Security Report [3] (WISR) confirms attacks targeting encrypted web services have become increasingly common. Specifically, in 2017, 53% of enterprise, government and education organisations detected attacks on encrypted services at the application layer. Application layer attacks use traffic that is very difficult to distinguish from genuine user traffic, often requiring analysis of the actual application layer transaction to identify the patterns of activity involved in an attack. Our approach to this process must change as TLS 1.3 is adopted [4].”

“TLS1.3 is going to bring welcome change to IT security professionals and with it the need for organisations to have all their IT, networks and security professionals working together. Different solutions exist to tackle the intricacies of TLS1.3 and will need to be implemented according to an organisation’s needs, its customers’ needs and the local regulatory requirements. NETSCOUT Arbor is well-equipped to implement the most appropriate solution for any business as this exciting new phase of internet security unfolds,” concludes Hamman.

For more information on NETSCOUT Arbor in Africa, contact Bryan Hamman at email: bhamman@arbor.net

References

[1] https://www.infosecurity-magazine.com/opinions/rethinking-ddos-defenses-tls/
[2] https://www.theregister.co.uk/2018/08/13/tls_13_approved/
[3] https://www.netscout.com/report/
[4] https://www.infosecurity-magazine.com/opinions/rethinking-ddos-defenses-tls/
