Logjam, a new frontier of attack on TLS

Guys, so we have been through Heartbleed, FREAK, and POODLE. Now we have Logjam. What is Logjam? Logjam attacks the Diffie-Hellman key exchange, and it results from a flaw in the TLS protocol. What is the Diffie-Hellman key exchange in TLS?

From security exchange;

Okay, so what does Logjam do? Logjam allows a MITM (man-in-the-middle) attacker to downgrade the TLS session encryption to 512-bit cryptography. This is considered breakable by current standards. Hence, users are vulnerable to having their data watched by these hackers. It affects those browsers which use DHE_EXPORT ciphers.

From my perspective it is one hell of a nasty. Because of how Diffie-Hellman works and how the same prime numbers are used across services using DH, an attacker can use the “number field sieve” algorithm to break the DH connection. Once it's broken, and the prime is found, it's open.

The number field sieve: http://mathworld.wolfram.com/NumberFieldSieve.html

So the question is: are you at risk? Well, if you are an update freak like myself, then you are good to go; make sure your browsers are up to date. Anyone using Google Chrome above version 42 is fine.

As for admins who do manual implementations on servers etc.:
1. Do not use export cipher suites.
2. Deploy Elliptic-Curve DH based ciphers. It sounds super cool, but honestly it's probably the strongest in the lot. Most modern browsers use it anyway. One way to check: just click on the lock sign on the browser tab.
3. Generate a strong and unique DH group; create your own group of at least 2048 bits.
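
An added example, not from the original post: a Python check of the three server-side points above against a PEM DH parameters file and a list of enabled suite names. The function names, the sample suite list and the embedded 512-bit parameter block are constructed for illustration, and the stand-in modulus is not a real prime.

```python
import base64
import re

MIN_DH_BITS = 2048  # minimum group size from point 3 of the list above
# Constructed sample (not a real group): DER SEQUENCE { INTEGER p, INTEGER g=2 }
# where p is the 512-bit stand-in 2**512 - 1, which is not prime.
SAMPLE_WEAK_PEM = (
    "-----BEGIN DH PARAMETERS-----\n"
    + "MEYCQQD/" + "/" * 84 + "AgEC\n"
    + "-----END DH PARAMETERS-----\n"
)
SAMPLE_SUITES = ["EXP-EDH-RSA-DES-CBC-SHA", "DHE-RSA-AES128-SHA"]  # constructed input

def _der_len(buf, i):
    """Decode the DER length at buf[i]; return (length, index of content)."""
    if buf[i] < 0x80:                  # short form: the byte is the length
        return buf[i], i + 1
    n = buf[i] & 0x7F                  # long form: next n bytes hold the length
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def dh_group_bits(pem):
    """Return the bit length of the prime p in a PEM 'DH PARAMETERS' block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    if der[0] != 0x30:
        raise ValueError("expected DER SEQUENCE")
    _, i = _der_len(der, 1)
    if der[i] != 0x02:
        raise ValueError("expected DER INTEGER for p")
    length, start = _der_len(der, i + 1)
    return int.from_bytes(der[start:start + length], "big").bit_length()

def audit_tls_config(dh_pem, suites):
    """Return findings for the checklist: export suites, ECDHE, DH group size."""
    findings = []
    for name in suites:                # OpenSSL-style or IANA-style suite names
        if name.startswith("EXP-") or "_EXPORT_" in name:
            findings.append(f"export suite enabled: {name}")
    if not any(n.startswith(("ECDHE-", "TLS_ECDHE_")) for n in suites):
        findings.append("no ECDHE suite offered")
    bits = dh_group_bits(dh_pem)
    if bits < MIN_DH_BITS:
        findings.append(f"DH group is {bits} bits, below {MIN_DH_BITS}")
    return findings

if __name__ == "__main__":
    print(audit_tls_config(SAMPLE_WEAK_PEM, SAMPLE_SUITES))
```

The check only measures the size of the modulus; it does not test that p is prime or that the group is unique to your server.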

Cloud is the new normal.

Yes. That is the tag line used for the AWS Summit in Auckland a few days back. Look at the world at the moment: traditional data centres are too hard to manage and build, and the work of managing a service using the traditional approach is deemed complex. Amazon AWS, however, has used its excellent infrastructure as a business model. Why not sell our data centre infrastructure to companies at a lower cost and with less maintenance? Great idea, and a great frontier ahead. So yes, I am praising the giants; where's the catch, however?

There are a few concerns, however, about controls and about how responsibility for managing the security and privacy of users is separated. Amazon is great, but when it comes to infrastructure security we still need to emphasise the need to implement security controls. The separation of responsibility is clearly defined by Amazon, which states that the physical infrastructure and the policies that govern infrastructure security are managed by them. This probably does not fulfil some criteria required by certain security standards. Users must be really aware of these lines of responsibility and security.

If you intend to support AWS, by all means, it's awesome; but please do run testing and make sure you are secure from your end of things. Physical security is just one aspect, and that Amazon can manage, but security in terms of PII (Personally Identifiable Information) and management of infrastructure is still your responsibility. Do not dream of going to Amazon AWS if you have had a breach of data and you realise that you did not patch your system or implement secure coding.

My advice:
1. Have an audit once every six months.
2. Do not put PII on the cloud; it is always good to have your PII data locally placed. The closest Amazon POP is in Sydney/Melbourne. This is the global infrastructure for AWS: http://aws.amazon.com/about-aws/global-infrastructure/
3. Implement security controls always; it is your infrastructure, and it is your responsibility to keep it secure.
4. Keep it simple.
5. Always be up to date with what AWS has to offer, through their blog. It is amazing the updates they do.
6. Finally, love the cloud. It is a revolution and you can’t run from it. However, like everything else, keep it safe and secure.