I just attended Black Hat 2015, and what a great conference it was. I learned that “hackers,” including white hats, grey hats, and black hats, are really interesting people. At Black Hat, I saw briefings on how to hack a Jeep, a smart card, android, iOS, Windows, HTTPS, and a fingerprint. Pretty much anything can be hacked. Some do it for the greater good, letting the manufacturers know so the security can be hardened down and the hacks cannot occur in the future.
The presentation on the Black Hat network was especially interesting. This year was the first year that the network operations center (NOC) was open to the attendees of Black Hat to tour. The NOC is a labor of love for a lot of IT security professionals—many even take PTO to make it happen. This is the network that is used for the training classes at Black Hat. The top websites visited, top applications used, botnets detected, and malware detected were presented.
The people that run the NOC do keep a close eye on any “egregious” hacks, but how is that defined, really? Think of what these folks, doing their labor of love, learn about the attack vectors that are coming. Wow! If the hack is being taught at a training class, then they are expecting it. However, they did state that all types of hacks were done to each other, one attendee of the conference to another.
At the conference, 80% of the traffic was encrypted this year using TLS, which is way up from past years. This is a really interesting antidote, if you think about how a hacker can go undetected in encrypted traffic.
These Black Hat sessions highlight how important it is to encrypt sensitive information properly so it isn’t available to hackers. Maybe, even more importantly, is the ability to conduct SSL/TLS inspection by decrypting the ingress and egress of traffic for your enterprise. SSL/TLS inspection ensures that there is no malware phoning home to a command and control center or a hacker, who is landing and expanding on your systems.
How are you protecting SSL/TLS in your organization? Are you using SHA-2, at least 2048 bit keys, short validity periods, and SSL/TLS 1.2 to protect your SSL/TLS sessions? Do you have visibility into where all of your SSL/TLS keys are located to prevent outages? Would you be able to find a fake certificate issued in your brand name in your enterprise or on the internet? Are you conducting SSL/TLS inspection at your organization? Overall, do you feel you are protected from hacking when you use SSL/TLS?