What Is TLS/SSL Offloading?97thfloorFri, 09/02/2022 07:48

A common misconception about TLS/SSL encryption is that a persons computer connects directly with a web server and information is sent directly between the two. In reality, the information can be sent to a separate machine or to a different processing device on the same machine. This process is known as TLS/SSL offloading.

Offloading works by taking on the processing load of encryption on a separate device or machine than is being used for the application processing. To configure this process, organizations route TLS/SSL requests to an application delivery control that intercepts the TLS/SSL traffic, decrypts the traffic, and then forwards the traffic to a web server. To configure end-to-end encryption, you must import a valid certificate and key and bind them to the web server.

There are two different ways to accomplish TLS/SSL offloading.

TLS/SSL termination is the simpler approach of the two. In this process, encrypted traffic is intercepted before it hits your servers and decrypted on a dedicated TLS/SSL termination device instead of the application server. Then the decrypted data is forwarded on to the application server.

TLS/SSL bridging adds another layer of security by performing extra checks for malware. Incoming data is decrypted, inspected for malicious code, then is re-encrypted and sent on to the web server. This form of TLS/SSL offloading is meant to increase security rather than reduce processing activities on the application server.

Organizations that handle a lot of encrypted data would benefit from TLS/SSL offloading so application servers can focus on their primary tasks rather than encryption. Reduced TLS/SSL workload can lead to:

Depending on what load balancer youre using, TLS/SSL offloading can also help with HTTPS inspection, reverse-proxying, cookie persistence, and traffic regulation. Attackers can hide in encrypted traffic, and the ability to inspect encrypted HTTPS traffic could save your organization from severe attacks.

Make sure your applications are running securely and efficiently by implementing TLS/SSL offloading. Offloading only works with valid certificates, so certificate lifecycle management is another crucial component of a healthy network. Make sure to keep track of all TLS/SSL certificates in use at your organization and when they expire so they dont cause a certificate-related outage.

Automate the certificate management process with machine identity management. Download our Machine Identity Management for dummies eBook to learn more about securing your applications and preventing certificate-related outages.

Alexa Hernandez

Encrypting data can introduce latency to connections because of the amount of computer processing that it requires. Thats where TLS/SSL offloading comes into play. This method can improve your page loading speeds and user experience. TLS/SSL offloading can also be used to introduce additional security checks for malware.

Off

UTM Campaign

Recommended-Resources

*** This is a Security Bloggers Network syndicated blog from Rss blog authored by 97thfloor. Read the original post at: https://www.venafi.com/blog/what-tlsssl-offloading

Follow this link:
What Is TLS/SSL Offloading? - Security Boulevard

Sharing is caring!

Kingston Ironkey Locker+ 50 (LP50) Review Rating

Summary

I think the Kingston Ironkey LP50 is an excellent choice for anyone looking for a good level of data security that is both affordable and user-friendly.

Pros

Cons

The new Kingston Ironkey Locker+ 50 USB drive is an affordable, secure drive that is a little bit different from all the other encrypted secure drives I have reviewed in the past.

There is no FIPs certification, nor is there any physical security. All the security is built around the hardware encryption built into the drive.

For users wanting a higher degree of security and more storage while still being easy to use, the Kingston IronKey Vault Privacy 80 External SSD is an excellent option.

I doubt this will appeal to the enterprise market, but it is probably the most attractive solutions for home users and small businesses that want to secure important files.

This is one of the easiest drives I have used for setup and management. That is because there is no physical security on the drive itself.

You plug it in, then Windows recognises it has a DVD drive, and from here, you can run the IronKey application.

The first run will guide you through the set up process, and once this is complete, it will load up the drive contents.

For input, you can optionally use the Virtual keyboard to avoid the risks of keyloggers.

The LP50 comes with a licence for ClevX USBtoCloud, which is a useful little application that you should use with caution.

Basically, it will back up the contents of the USB drive to your chosen cloud provider. However, there is no encryption applied beyond that which the provider applies themselves.

On the one hand, this is convenient. If you forget your password and need to reset the USB, you still have your important data.

But, a lot of people dont trust cloud services with sensitive data and would prefer to upload an encrypted file. Therefore, if that service does get hacked, then the data is secured. This is not an unreasonable security concern either; there are plenty of cases where people have had their Google accounts hacked. Even if you have 2FA enabled, SIM swap attacks are quite common and relatively easy to carry out.

For less sensitive data, this is probably not an issue. If you are travelling with work data, it is nice to know you have the data secured on the physical drive in the event you lose it.

Setting up ClevX USBtoCloud is easy. The app automatically loads the setup screen when you first log into the drive. I set it up with Google Drive and just had to authenticate my account via the browser.

Backups are done in the background and quickly.

When I started reviewing this drive, the immediate question that popped up in my head was, why not just use encryption software on a USB drive?

This is a perfectly viable option, and for anyone wanting to save money, this is well worth doing.

However, I decided to set up a VeraCrypt partition on a USB drive, and it is just not as user-friendly as the LP50. There are quite a lot of options to choose from, which is good for some but not so good for someone with limited computer knowledge. You can encrypt an entire drive, but you can have encrypted volumes. I think this could be one of the downfalls of some less competent users. It would be easy to end up creating an encrypted volume and then putting data on the none encrypted part of the drive.

The basic setup also process takes some time, and formatting the new encrypted volume takes several minutes. Again, not an issue for people like myself that are into IT, but plenty of other wants a thing that just works out of the box.

There is not much to write about performance; it is just a USB drive. But, I think it is worth highlighting how easy this is to use. You plug it in, the login dialogue opens, you type in your password, and the drive unlocks.

Performance is good, much better than the FIPS-certified USB drives you get. The drive also exceeds the quoted speeds from Kingston.

The Kingston IronKey Locker+ 50 is available from Amazon via the product boxes below. At the time of writing, it is a touch more expensive than Insight but with free delivery.

Insight Direct appear to be the official partner for Kingston. The prices are lower, but they charge 7 for delivery, so it will work out to be more expensive for individual products.

In comparison, if you went with a FIPS 197 certified 16GB iStorage datAshur Personal2, you would be paying almost double at 60.

This is the first time I have used a secure drive like this, and I quite like it. There are two big selling points, the price and the ease of use. It should also read/write faster than most of the pin-secured drives.

Plugging this in and typing out my password is just much more convenient than trying to press tiny keys on a USB. For a small business owner and homes user such as myself, I dont really have any files sensitive enough to require FIPS 140 or 197 certified drives.

The logical counterargument for this drive would be that you can use VeraCrypt to encrypt your data on any thumb drive achieving the same functionality for much less. The Kingston DataTraveler Exodia is just 6 for a 64GB model. However, that is a little less user-friendly, and I have a strong belief that anything not user-friendly is bad for data security.

Therefore, I think the Kingston Ironkey LP50 is an excellent choice for anyone looking for a good level of data security that is both affordable and user-friendly.

Last update on 2022-09-05 / Affiliate links / Images from Amazon Product Advertising API

Originally posted here:
Kingston Ironkey Locker+ 50 (LP50) Hardware Encrypted USB Review Affordable and easy to use - Mighty Gadget

Chile's national computer security and incident response team (CSIRT) has announced that a ransomware attackhas impacted operations and online services of a government agency in the country.

The attack startedon Thursday, August 25, targeting Microsoft and VMware ESXi servers operated by the agency.

The hackersstopped all running virtual machines and encrypted their files, appending the ".crypt" filename extension.

"The ransomware would use the NTRUEncrypt public key encryption algorithm, targeting log files (.log), executable files (.exe), dynamic library files (.dll), swap files (.vswp), virtual disks (. vmdk), snapshot (.vmsn) files, and virtual machine memory (.vmem) files, among others," -Chile CSIRT

According to CSIRT, the malware used in this attack also had functions forstealing credentials from web browsers, list removabledevices for encryption, and evade antivirus detection using execution timeouts.

In typical double-extortion fashion, the intruders offered Chile'sCSIRT a communication channel to negotiate the payment of a ransom that would prevent leaking the files and unlock the encrypted data.

The attacker set a three-day deadline and threatened to sell the stolen data to other cybercriminalson the dark web.

Chile's CSIRTannouncement doesn't name the ransomware group is responsible for the attack, nor does it provide sufficient details that woul lead to identifying the malware.

The extension appended to the encrypted files does not offer any hint because it has been used by multiple threat actors.

While the little information Chile's CSIRTprovided on the behavior of the malware points to'RedAlert' ransomware (aka "N13V"), an operation launched in July 2022, technical details suggest otherwise.

RedAlert ransomwareusedthe ".crypt" extension in attacks, targets both Windows servers and Linux VMWare ESXi machines, is capable to force-stop all running VMs prior to encryption, and uses the NTRUEncrypt public-key encryption algorithm.

However, the indicators of compromise (IoCs) in Chile's CSIRT announcement are either associated with Contior are return an inconclusive result when fed to automated analysis systems.

Conti has been previously linked to attacks on entire nations, such as the one onCosta Ricain July 2022, which took five days from gaining initial access to stealing and encrypting the systems.

Chilean threat analyst Germn Fernndeztold BleepingComputer that the strain appears to be entirely new, and the researchers he talked to couldn't associate the malware with known families.

Fernandez also commented that the ransom note wasn't generated during the infection, a detail that BleepingComputercan confirm. The researcher said that the note was delivered before deploying the file-locking malware.

"One particular thing about the attack, is that the threat actors distributed the ransom note at a previous stage to the deployment of the ransomware as the final payload, possibly for evasion issues or to avoid having their contact details leaked when sharing the final sample." -Germn Fernndez

BleepingComputerwas able to analyze multiple samples of the malware used for the attack and retrieved a ransom note named 'readme_for_unlock.txt', seen below:

All ransom notes that BleepingComputer has seen when analyzing this ransomware strain includea link to a unique website in the Tor network along with a password to log in.

As far as we've seen a data leak site for this ransomware does not exist, yet. The Tor site is for showing a message box where victims can contact the hackers.

Accessing the above communication channel requires a password, which is included in the ransom note.

The malware configures itself to launch on Windows login and uses the name SecurityUpdateat startup.

From what BleepingComputer could learn so far about this ransomware, this is a new operation that launched at the beginning of August.

Chile's cybersecurity organization recommends all state entities as well as large private organizations in the country to apply the following measures:

Chile CSIRT has provided a set of indicators of compromise for files used in the attackthat defenders can use to protect their organizations.

Read more from the original source:
New ransomware hits Windows, Linux servers of Chile govt agency - BleepingComputer

Software-defined WAN or SD-WAN is a virtual wide area network (WAN) that relies on software technologies like internet-based communication tunnels, software-driven network encryption, firewall software, etc. to operate a mid-sized to large-scale computer network spread across locations. This article explains how SD-WAN works, its benefits, and the best SD-WAN solutions in the market.

Software-defined WAN or SD-WAN is defined as a virtual wide area network (WAN) that relies on software technologies like internet-based communication tunnels, software-driven network encryption, firewall software, etc. to operate a mid-sized to large-scale computer network spread across locations.

A software-defined wide area network (SD-WAN) uses software-defined technology and infrastructure. SD-WAN dissociates the networking hardware from the control mechanism and thus streamlines the WANs operation and management. Organizations that use SD-WAN solutions can build higher-performance WANs using inexpensive internet and at significantly lower costs than private WAN connection technologies such as multiprotocol label switching (MPLS).

SD-WAN solutions make it easier for organizations to manage firewalls and routers, upgrade software and firmware, virtual private networks (VPN), and remote clients through a centralized management interface. The centralized management control is used to securely and efficiently route traffic across the WAN directly to trusted providers such as software-as-a-service (SaaS) and infrastructure-as-a-service (IaaS). It also minimizes labor costs by cutting maintenance costs and lowers the cost of equipment.

During the early years, WANs required backhauling of all traffic from branch offices to a data center where they applied advanced security services. Traffic between the source and data centers was based on complex routing protocols such as transmission control protocol (TCP/IP) addresses and control list tables.

Ultimately, it leads to delays resulting in poor application performance, user experience, and huge costs due to expensive bandwidths. Users also had to incur expenses to install MPLS routers at each location. Performing upgrades on firmware or software took longer times due to network complexities. The network architecture was also not optimized for cloud infrastructure. The limitations of traditional WANs drove the change to a better SD-WAN technology that replaced MPLS.

SD-WAN is deployed in an organized way in branch offices and data centers. It is optimized for cloud infrastructure and associates cloud technology with mobile computing. It separates the data plane and control plane of the network. It has a centralized management interface where traffic is managed and monitored. It has a single management portal which reduces complexities and makes it easier to track applications, thus improving performance and operational efficiencies.

By providing lower-cost infrastructure and transport costs, an organization can save. SD-WAN provides end-to-end encryption over the entire network, providing secure connections to its users. Additionally, SD-WAN can prioritize traffic on business-critical applications and route it through the most efficient pathway.

See More: How Does an Edge Network Work and What Does Its Future Hold? AT&Ts Theresa Lanowitz Answers

The main objective of SD-WAN is to connect end-users and the applications, notwithstanding the location of these end-users. SD-WAN drives traffic as per the business requirements of the application. These business requirements vary from the priority of the application to must-enforced security policies or application performance required. Usually, critical mission applications are given the highest priority. The networking approach may vary from MPLS to broadband to 4G LTE.

The SD-WAN architecture separates the control and management functions, applications, and WAN transport services. It has a centralized control plane that stores and manages all the data on the traffic and applications. The centralized control plane monitors and adapts traffic to suit the application demand and delivers the optimum experience.

The following are features of SD-WAN that users should consider before choosing an SD-WAN solution model:

See More: How To Make Networks Ready for Cloud-First Era With SD-WAN

SD-WAN allows organizations and small businesses to securely connect their users to applications by taking advantage of any combination of network services. When choosing the right SD-WAN solution providers, users should consider factors such as security, price, availability of hybrid wide area network (WAN) solutions, and the ease at which they can be deployed. The top 10 SD-WAN solutions include:

Powered by Meraki, Cisco SD-WAN is a scalable, programmable, and open solution that allows users to connect to any application. It offers control, visibility, and real-time analytics to its users. Cisco SD-WAN offers cloud management services and it can also be deployed on-premise. It is integrated with capabilities that allow it to perform optimization of applications, unified communications, multi-cloud services, and security.

Fortinet FortiGate provides a secure networking approach that combines SD-WAN, advanced routing, and next-generation firewall (NGFW) to promote consistent security and network policies and reduce operational costs through automation, self-healing, and deep analytics. This also simplifies wide-area network (WAN) architecture by accelerating network and security convergence. Fortinet FortiGate SD-WAN offers improved multi-cloud application performance through multi-path control, application steering and identification.

Oracle SD-WAN provides users with simplified WAN management services such as SD-WAN, firewall, routing, and WAN optimization. It provides users with high bandwidth and inexpensive internet connections and delivers easy-to-deploy and manages the network. Oracle SD-WAN offers its users reliable, quality, flexible and secure services. With its high availability, users can enjoy faster applications and better networks. It also allows for safer migrations of applications into the public cloud.

Citrix SD-WAN combines cloud-delivered and comprehensive security with SD-WAN, analytics, and secure internet access. It has strong security at the WAN Edge, providing complete protection against all threats. Its Citrix cloud on-ramps feature provides flexible on-ramp options for any cloud access that simplifies multi-cloud transition. Citrix SD-WAN reduces network costs and increases agility.

CenturyLink SD-WAN unifies network management across different network types, creating an agile and responsive wide area network. It enables users access to bandwidth to leverage broadband connections for bandwidth-intensive applications. It provides users with data analytics and reports while offering performance-based application routing. CenturyLink SD-WAN offers a reliable solution that allows users to reduce operating costs for equipment and staff.

Wanify has partnered with VeloCloud to deliver VeloCloud SD-WAN. It manages end-to-end processes and improves network performances by combining multiple connections for its users. It supports network agility and application growth by offering optimized access to cloud applications and data centers. It routes application traffic through efficient routes after gauging the real-time performance of the network. Wanify SD-WAN provides customer support and offers a secure and customizable solution for its clients. It also manages carriers for its users.

See More: What Is a Mesh Network? Meaning, Types Working, and Applications in 2022

Palo Alto Networks offer SD-WAN services through Prisma. It provides networking and security in a single platform. It enables app-defined policies for SD-WAN that eliminate network problems, increase bandwidth, and simplify management for its users. Palo Alto Networks Prims SD-WAN allows users superb control and connection options along with supporting machine learning and automation. It also provides users with router modernization and cloud migration.

Exinda SD-WAN provides businesses with a stable, secure, reliable, and cost-effective solution. It combines and manages up to 12 internet kinds of transport from local service providers. The Exinda SD-WAN network router monitors, detects, and adapts to fluctuations from internet service providers and also monitors traffic changes. It automatically solves network problems, thus avoiding interruptions to internet services and applications.

It allows users to add bandwidths to their networks when they need to increase network capacities. Integrating Exinda SD-WAN and Exinda network orchestrator enhances the ability to accelerate applications to better performance.

Masergy SD-WAN leverages its secure edge network with built-in Fortinet security. It provides clients with end-to-end visibilities and uses artificial intelligence for IT operations (AIOps) to analyze networks and make recommendations to improve reliability. It uses AIOps and shadows IT discovery tools to build overlays to fit networks. It customizes rules to meet network and application requirements. Masergy SD-WAN allows for co-managing with its users to streamline inefficiencies.

Aryaka SD-WAN has a built-in WAN optimization that guarantees application performance for this feature-rich platform. Aryaka SD-WAN service doesnt need the installation of complex appliances or network management software as it is a remote-based cloud system. Users can connect to it through virtual private networks (VPN). Aryaka SD-WAN provides insightful analytics in a secure platform that offers a multi-cloud networking service. It provides reliable throughput, real-time visibility, and single-day deployments for new technology.

See More: What Is Network Management? Definition, Key Components, and Best Practices

The global software-defined wide area network (SD-WAN) market size is expected to increase exponentially from $1.9 billion in 2020 to $8.4 billion by 2025. This figure represents a compound annual growth rate (CGAR) of 34.5%, as per research by MarketsAndMarkets. These figures express an increasing appetite for SD-WAN solutions from enterprises due to a slew of business benefits. These include:

In the recent past, business enterprises and other organizations have embraced advanced technologies to gain an edge against their competitors in the market. However, its adoption has brought on its fair share of problems in the form of cybercrimes.

Most SD-WAN solutions offer basic built-in security features like firewall and VPN functions that improve security for their users. Additionally, users looking for advanced security features can look for SD-WAN solutions offering features to prevent data loss, downtime, and legal liabilities. Popular SD_WAN solutions include next-generation firewalls (NGFW), intrusion prevention systems (IPS), encryption, and sandboxing capabilities.

Users can configure SD-WAN to steer their business traffic through the most efficient route by prioritizing real-time services such as voice over internet protocol (VoIP) and business-critical traffic. SD-WAN, through its flexibility, allows users to vary bandwidth access via any local internet provider to promote increment in speeds to match real-time demand. Varying bandwidth using deduplication and compression also helps in reducing the total cost of ownership (TCO).

SD-WAN allows for bandwidth capacity to be scaled up or down through the direct addition of internet broadband connectivity. A single logical link can be formed when multiple WAN service types, such as direct internet or private multiprotocol label switching (MPLS), are bonded together.

Other optimization techniques that SD-WAN employs to improve network agility include data de-deduplication, data compression, and secure sockets layer (SSL).

According to a 2018 forecast survey by IDC Research, up to two-thirds of respondents expect to save 5-19%, while a quarter expect upwards of 39% savings when using SD-WAN technologies. SD-WAN technology allows for self-managed procedures and automation, which enables organizations to reduce the number of external IT experts required to carry out periodic tests and maintenance, thereby proving to be cost-effective.

SD-WAN aggregates multiple direct-to-internet (DIA) lines for WAN connectivity, thus reducing the overall cost for bandwidth as it requires less network hardware. Organizations can also easily set up new branches online at any location at less time and cost.

As small businesses use more technology solutions such as local, edge, and cloud-based applications, network complexity becomes a common problem. This is due to competition for limited bandwidth, which leads to poor network performance. It might also necessitate hiring more IT specialists on-site to manage local IT infrastructure, leading to increased costs. SD-WAN provides a solution through monitoring and alerting the performance of different data types to ensure enough bandwidth is allocated. Users can configure SD-WAN to prioritize critical traffic through the most efficient path to its destination to improve performance.

SD-WAN is usually managed through a centralized management interface that monitors it and manages traffic. From a single management portal, paths to applications are allocated according to criticality, new sites are provisioned, software and firmware upgrades are performed, and users can flex bandwidth from this point. Using a centralized management plan helps to reduce complexity and makes it easier to track applications and their performances from a single zone.

See More: What Is Network Hardware? Definition, Architecture, Challenges, and Best Practices

Organizations are gradually adopting cloud-based services. SD-WAN enables users to access the cloud remotely without burdening the core network with additional traffic to manage and secure. This may promote cost savings for organizations looking to cut down on office space, equipment and rent as employees can work remotely. The need for additional IT experts to manage and secure data traffic is also minimized.

SD-WAN solutions improve cloud applications performance by emphasizing business-critical applications and allowing them to communicate directly to the internet. SD-WAN guarantees quality and optimizes data, followed by directing network traffic along the most efficient routes.

Even with the gradual increase in the popularity of cloud-based resources, organizations still have to wait for weeks or months to set up new WAN circuits or managed service providers (MSPs). A fully managed cloud-first WAN service could offer cloud-based network offerings comparable with other cloud services through orchestration and automation.

This feature would promote quick turn-up of newer locations globally and services bolstering enterprise flexibility. It would also facilitate troubleshooting and increase the visibility of enterprises.

SD-WAN technologies offer predictive analytics enabling IT specialists to navigate potential outages and mitigate any other potential issues. SD-WAN monitors the system in real time and provides data analytics to determine and predict any problems. This ability helps to reduce resolution time for organizational IT troubleshooting, lowering TCO, and maintaining peak performances at all times. This leads to increased productivity in organizations and decreasing costs, as IT experts are not always required to be on-premises. In case a problem arises, they can quickly identify and fix the issue.

See More: How to Get SD-WAN Security Right?

Software-defined wide area network is a crucial enabler for enterprise digital transformation. It is highly extensible so it can integrate new-age security technologies like SASE with existing network infrastructure. It can also simplify IT operations by paving the way for AIOps alongside network management. Thats why it is vital to understand the working and potential benefits of SD-WAN to prepare for your adoption journey.

Did this article fully inform you about the role of SD-WAN in a modern enterprise? Tell us on Facebook, Twitter, and LinkedIn. Wed love to hear from you!

Follow this link:
Everything You Need to Know About SD-WAN - Spiceworks News and Insights