The DigiNotar breach is being called the worst breach so far (http://blogs.bankinfosecurity.com/posts.php?postID=1068). Breaches come in all shapes and sizes, but when they occur on the very systems that are supposed to protect us, the impact is more widespread.
Certainly this is not the first Certificate Authority breach; Comodo (http://bits.blogs.nytimes.com/2011/03/24/iranian-hackers-suspected-in-recent-security-breach/) is just one recent example of an SSL Certificate Authority breach. Engineers know that there is far more to learn from failure than from success. Bridge engineers study famous failures such as the Tacoma Narrows Bridge to learn how to build stronger bridges. Aeronautical engineers study downed planes. What might Information Security learn from the recent problems at SSL Certificate Authorities like DigiNotar?
The first lesson is – Don’t Put All Your Eggs in One Basket. A main reason the SSL Certificate Authority breaches of this year have been so hard to contain is how much trust security architects place in the protocol. Related to this, the second lesson is – Have a Layered Defense. The principle of Defense in Depth is that when one component fails, other controls remain in place; however, many systems trust that SSL will provide all the security they need. This naively overlooks data confidentiality, data integrity, application security and other security concerns. The SSL Certificate Authority breaches won’t stop people from using SSL to protect their systems, and that is a good thing, but hopefully they will stop people from relying on SSL alone to protect Web services and other systems.
The third lesson is – Stop Hitting the Snooze Button. As application technology evolves, the security architecture must step up to the challenge and meet the new technology with stronger controls.
SSL has served security architects well, but security architecture must be more than just “Network Firewalls and SSL”. Security Gateways offer concrete improvements: stronger access control through identity protocols like SAML and OAuth, better visibility through audit logging and monitoring, and the ability to tailor the right mix of Defense in Depth controls to the deployment. For more ideas in this space, have a look at the Security Gateway Buyer’s Guide, which looks at the state of play for security architects beyond just SSL.
Gunnar Peterson is a Managing Principal at Arctec Group. He is focused on distributed systems security for large mission-critical financial, financial exchange, healthcare, manufacturing, and federal/Gov systems, as well as emerging start-ups. Mr. Peterson is an internationally recognized software security expert, frequently published, an Associate Editor for IEEE Security & Privacy Journal on Building Security In, an Associate Editor for Information Security Bulletin, a contributor to the SEI and DHS Build Security In portal on software security, and an in-demand speaker at security conferences. He blogs at http://1raindrop.typepad.com.