Venafi Calls On Enterprises To Formulate CA Disaster Recovery Plans In The Wake Of DigiNotar Breach
September 2011 by Venafi
Venafi Press Release - With DigiNotar joining the ranks of Comodo, StartSSL and RSA as a trusted third-party security organization successfully compromised by hackers, enterprises need to move past the shock and begin formulating their own compromise recovery and business continuity plans, states Venafi, enterprise key and certificate management (EKCM) solution experts.
“People have not given much thought to the impact or ramifications of a Certificate Authority (CA) compromise,” stated Jeff Hudson, Venafi CEO. “This attack against DigiNotar marks 2011’s fourth major breach of a trusted third-party security provider. There will be more breaches of third-party trust providers like this in the future.”
Hackers apparently used the fraudulent certificate to intercept Iranian users’ email, among other items. The attack went undetected by the users because their browsers trusted the DigiNotar certificate. “A third-party trust provider represents an extremely high value target for hackers. Once an attacker can access and steal trust credentials, they can commit various cyber-criminal acts in pursuit of their own nefarious agenda,” Hudson stated.
Hudson went on to explain that SSL and PKI remain solid and reliable technologies. That does not mean that enterprises can relax. They need to be aware that any individual third-party trust provider, like a CA, can be compromised and is therefore a known risk. “And,” he added, “known risks require solid, well-conceived contingency plans.”
It’s Not Just The Browser That’s Vulnerable
Mozilla, Google and Microsoft have implemented browser updates that will revoke trust in DigiNotar-signed certificates, which will safeguard users of those browsers. The ripple effects of a hack like this do not stop at the browser. Hudson explained, “All enterprises need to look at their highest-value assets—servers, VPN concentrators, SSL off-loaders, application servers, and applications where sensitive and regulated data flows, and that are protected by certificates. Plans must be in place to recover anytime the trust provider is compromised.”
Hudson drew from Venafi’s years of experience assessing large encryption key and certificate deployments to provide best-practice recommendations for how to successfully deploy and manage these critical security assets. There are three very specific steps organizations must take to deal with a compromised CA.
First, they must use multiple CAs so that if one is compromised, the other non-compromised CA and its issued certificates and keys are available for continued use. Hudson stated, “Most companies know better than to put all of their eggs in the same basket. This is a well understood principle of business continuity and disaster recovery—always have a backup resource available. Our experience is that most everyone follows this practice today.”
“Second, organizations must have an accounting of all the CAs that they use as third party trust providers.”
“Third, they must have a complete inventory of the owner and location for each certificate in the enterprise. This often numbers in the thousands and even tens of thousands or more in Global 2000 organizations.”
“And finally, every organization must have an actionable and comprehensive plan in place to recover from a CA compromise. The time to recover needs to be measured in hours, not weeks or months.”
Hudson elaborated that most enterprises have glaring holes in their certificate inventories. “In many cases organizations tell us they have, say, some 3,000 certificates installed, for instance, and by the time we’ve fully assessed the situation, the number of certificates and keys ends up being two or three times that large. That many unidentified certificates represents significant unmanaged and unquantified risk.”
Further, few organizations have a management platform in place that gives them the power to replace compromised certificates quickly. Otherwise, the replacement of known, compromised certificates is largely a manual effort. This forces organizations to continue operations in a compromised condition—possibly for many months—while the thousands of compromised certificates are manually replaced. In some cases that may not even be an option and entire systems may have to be shut down until remediated.
“None of us knows where the next breach will occur,” Hudson concluded, “or whether it will occur in a week or three months. Enterprises must ready themselves to respond immediately if they implement the four steps of CA compromise recovery. The very serious implication is that you better wake up. Get out of denial. Understand that this is a huge issue of business continuity. And don’t think you won’t be compromised, because you will.”