Canadian companies and citizens should bookmark the webpage for the Canadian Anti-Fraud Centre (CAFC). This website is maintained by the Government of Canada to provide companies and citizens with information on current frauds and scams. The site has numerous tips on how to avoid becoming a victim, and has instructions to report suspected fraud. SYGNET came across the website while assisting a client in reporting attempted fraud that was perpetrated against them.
This article featured on the Globe and Mail website should be an eye opener to all executives not to blindly trust the networks they come across in their travels. It also highlights the importance of maintaining the security posture of the laptops and mobile devices that are used outside of the office.
With the release last week of information pertaining to a potential information disclosure vulnerability in numerous systems that use SSL version 3 encryption, we have started to implement changes to client systems to mitigate the associated risk. We recommend clients familiarize themselves with the POODLE SSLv3 vulnerability by reading the excellent Wired.com article that can be seen at http://www.wired.com/2014/10/poodle-explained/.
SSL encryption can be used to secure data connections between systems across the Internet, and on internal networks as well. Its most common usage scenario is to encrypt web browser connections to servers across the Internet. Though encrypted connections are mainly referred to in general terms, there are in fact numerous protocols and ciphers supported by the various operating systems in use today. Naturally, newer operating systems can use more recent and therefore stronger encryption protocols than their older counterparts.
The vulnerability disclosed last week concerns SSL 3.0, a very popular encryption protocol with widespread operating system support (Windows, Mac, Linux, etc.). Though it has been surpassed in recent years by newer and stronger encryption techniques, most systems left it enabled to support older systems. A vulnerability in SSL 3.0 has been demonstrated that could allow an attacker to compromise communications protected by this protocol. It does not provide a direct method for an attacker to gain control of any systems. However, an attacker may be able to collect credentials for use in subsequent attacks by eavesdropping on SSL 3.0 communications they are able to compromise with this vulnerability. There is no planned “patch” for this vulnerability, so the recommendation is simply to disable its use, both on servers and client systems.
SYGNET will be disabling SSL 2.0 (in the event it is still enabled) and SSL 3.0 on all servers as soon as possible. Clients are warned that there could be some disruption to Line of Business applications and websites that rely on these specific versions of SSL. It is quite difficult to determine this in advance, so SYGNET recommends proceeding with the changes, since they can be reversed relatively easily should a particular application require either of these protocols.
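One way to apply the server-side change described above and keep it reversible, as an added example that is not SYGNET's own procedure. It assumes Windows servers using the SCHANNEL provider and an elevated PowerShell session; the function names and the backup path are hypothetical.

```powershell
# Added example: audit and disable SSL 2.0 / SSL 3.0 in Windows SCHANNEL.
# Assumptions: Windows server, elevated session; function names are illustrative.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0'
$roles     = 'Server', 'Client'

function Get-LegacySslState {
    # Report the current registry state for each protocol and role.
    foreach ($p in $protocols) {
        foreach ($r in $roles) {
            $key = Join-Path $base "$p\$r"
            $v   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $p
                Role              = $r
                KeyExists         = Test-Path $key
                Enabled           = $v.Enabled            # empty = OS default applies
                DisabledByDefault = $v.DisabledByDefault
            }
        }
    }
}

function Disable-LegacySsl {
    param([string]$BackupPath = "$env:TEMP\schannel-before.csv")  # hypothetical path
    # Save the prior state first so the change can be reversed if an
    # application turns out to depend on SSL 2.0 or SSL 3.0.
    Get-LegacySslState | Export-Csv -Path $BackupPath -NoTypeInformation
    foreach ($p in $protocols) {
        foreach ($r in $roles) {
            $key = Join-Path $base "$p\$r"
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name Enabled -Value 0 `
                -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
    }
    Get-LegacySslState   # return the new state for the change record
}

# Read-only audit; call Disable-LegacySsl explicitly to make the change.
Get-LegacySslState | Format-Table -AutoSize
```

SCHANNEL reads these values at startup, so the change takes effect after the server is rebooted. To reverse it, restore the values recorded in the backup file and reboot again.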
SYGNET will also be disabling SSL 2.0 and SSL 3.0 in the browser settings of Microsoft Internet Explorer for domain-joined systems via Group Policy. We will also provide instructions to users on how they can manually make this change for browsers other than Microsoft Internet Explorer and for standalone systems not controlled by domain Group Policy.
Further to the measures mentioned above, clients running a current SonicWALL firewall with Security Services enabled have been protected since October 15th, 2014 when the detection signatures were released.
We will of course provide updates regarding the POODLE vulnerability should additional information become available.
Regards, Cameron Gracie.