The Hidden Threats of Security CertificatesBy Frank Ohlhorst | Posted 2012-12-04 Email Print
Until the Flame malware incident, many IT leaders had been unaware of a hidden danger in their security infrastructure: ineffective certificate management.
By Frank J. Ohlhorst
System Intrusions and data theft are on the rise, and many organizations are suffering the consequences—in lost revenue, exposed intellectual property, outraged customers or damaged brands. A key problem is that the more sophisticated protection technologies become, the more sophisticated attacks become.
Attackers are actively seeking new vulnerabilities and creating new techniques to compromise systems. Digital certificates have become one of the latest targets, especially with enterprises relying on certificates more than ever to keep system connections secure.
Of the many concerns surrounding certificates is the security offered by the certificate authorities (CA), such as VeriSign, Network Solutions, GeoTrust and dozens of others. The number of CAs and the risk of compromise is a troubling concern for IT leaders.
The problem is that CAs can be compromised, as exemplified by incidents at certificate authorities DigiNotar, Comodo and DigiCert. Those compromises may represent the tip of the iceberg, and increased attacks can mean only one thing: Attackers are going after CAs as an industry.
Microsoft admitted this year that attackers were able to compromise its internally issued certificates, take control of its update systems and execute a man-in-the-middle attack that essentially gave them control over thousands of computer systems. Once in control, the attackers were able to inject the now-infamous Flame malware into the computers and siphon off information undetected and at will. In this case, poor management led to Microsoft missing the fact that it was using vulnerable certificates signed with a weak algorithm.
Last year, at least five separate CAs were compromised, allowing hackers to intercept all the traffic coming to a Website protected by a compromised certificate. As reliance on certificates increases, so does the possibility of unexpected downtime and system failures, both of which can be almost as devastating as a security compromise. Many of these problems can be quickly mitigated with some proactive management techniques, something that seems to be on the back burner for many organizations.
Shortsighted Management Practices
Research firm Gartner recommends that organizations be aware of the potential for significant impact on their operations, should they suffer such an incident. However, revoking those certificates may not be as easy as it sounds. Many organizations have lost control of their certificates, thanks to spotty management practices.
Eric Ouellet and Vic Wheatman, vice presidents at Gartner, note that companies that have an unplanned certificate expiry typically focus on other IT issues first—such as hardware or software crashes—long before they begin to consider an expired X.509 certificate as the source of trouble. This typically results in significant delays in identifying and resolving the root cause of a system outage.
When certificates are compromised, there's plenty of blame to go around, and some of that blame can be placed on the individuals in charge of securing systems, as well as software vendors, and even end users who fail to effectively protect their access to certificate stores. But the problem may lie mostly with shortsighted management practices.
The primary vulnerability behind security certificates involves the management of those certificates—not the certificates themselves or the underlying technology. After all, the encryption techniques and protections in place have proven to be extremely secure.
However, if an attacker can usurp control of a certificate, forge a certificate or compromise a certificate, all the benefits offered are made moot. Additional problems occur when certificates expire: If not tracked or renewed properly, systems using expired certificates are subject to downtime. Resolving those issues requires taking a proactive approach, but understanding the root causes of certificate issues is the first step to solving the problems associated with certificates.