Network Security Archive

Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft’s IIS, and NGINX.

Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of millions of websites, or some 40 percent of all the sites on the Internet, are running using HTTP/2 protocol.

A total of eight high-severity HTTP/2 vulnerabilities, seven discovered by Jonathan Looney of Netflix and one by Piotr Sikora of Google, exist due to resource exhaustion when handling malicious input, allowing a client to overload server’s queue management code.

The vulnerabilities can be exploited to launch Denial of Service (DoS) attacks against millions of online services and websites that are running on a web server with the vulnerable implementation of HTTP/2, knocking them offline for everyone.

The attack scenario, in layman’s terms, is that a malicious client asks a targeted vulnerable server to do something which generates a response, but then the client refuses to read the response, forcing it to consume excessive memory and CPU while processing requests.

“These flaws allow a small number of low bandwidth malicious sessions to prevent connection participants from doing additional work. These attacks are likely to exhaust resources such that other connections or processes on the same machine may also be impacted or crash,” Netflix explains in an advisory released Tuesday.

Most of the below-listed vulnerabilities work at the HTTP/2 transport layer:

  1. CVE-2019-9511 — HTTP/2 “Data Dribble”
  2. CVE-2019-9512 — HTTP/2 “Ping Flood”
  3. CVE-2019-9513 — HTTP/2 “Resource Loop”
  4. CVE-2019-9514 — HTTP/2 “Reset Flood”
  5. CVE-2019-9515 — HTTP/2 “Settings Flood”
  6. CVE-2019-9516 — HTTP/2 “0-Length Headers Leak”
  7. CVE-2017-9517 — HTTP/2 “Internal Data Buffering”
  8. CVE-2019-9518 — HTTP/2 “Request Data/Header Flood”

“Some are efficient enough that a single end-system could potentially cause havoc on multiple servers. Other attacks are less efficient; however, even less efficient attacks can open the door for DDoS attacks which are difficult to detect and block,” the advisory states.

However, it should be noted that the vulnerabilities can only be used to cause a DoS condition and do not allow attackers to compromise the confidentiality or integrity of the data contained within the vulnerable servers.

Netflix security team, who teamed up with Google and CERT Coordination Center to disclose the reported HTTP/2 flaws, discovered seven out of eight vulnerabilities in several HTTP/2 server implementations in May 2019 and responsibly reported them to each of the affected vendors and maintainers.

According to CERT, affected vendors include NGINX, Apache, H2O, Nghttp2, Microsoft (IIS), Cloudflare, Akamai, Apple (SwiftNIO), Amazon, Facebook (Proxygen), Node.js, and Envoy proxy, many of which have already released security patches and advisories.

Source: https://thehackernews.com/2019/08/http2-dos-vulnerability.html

More than 4 in 5 IT teams are involved in security efforts, and a majority of them report an increase of at least 25 percent in time spent on these efforts over the past 12 months, according to Viavi.

network teams security efforts

The most striking conclusion is that network-based conversation wire data has become the top data source for security incidents, with its use tripling, demonstrating that threat levels have driven enterprises to seek the most reliable forensic data available.

The State of the Network study captured the insights of Network Operations (NetOps) and Security Operations (SecOps) professionals worldwide, highlighting their challenges in security, performance management and deployment of new technologies.

Eighty-three percent of network teams are now engaged in supporting security issues, and of those, 91 percent spend up to 10 hours or more per week dealing with increasingly sophisticated security threats.

As hackers continue to circumvent existing security tools — even those with AI or machine learning — additional strategies are needed to quickly identify and contain security threats, the consequences of which can be devastating.

“This year’s State of the Network study highlights a clear way forward in today’s IT reality with a combination of prevention and ongoing detection to catch threats not flagged by security tools alone, such as an internal data breach by an employee, whether accidental or intentional.

“IT professionals need to better understand what is normal network behavior and what is not, and engage in proactive threat hunting,” said Douglas Roberts, Vice President and General Manager, Enterprise & Cloud Business Unit, VIAVI.

“Findings also show that network teams now depend on wire data as their most important source of information for security incidents, demonstrating that more NetOps teams are turning to the optimum peace of mind for issue resolution and compliance in the event of a breach.”

Key takeaways

Network teams are critical to protecting business resources and strengthening IT security. Increases in threat workloads were reported, with 74 percent of respondents stating they spend up to 10 hours or more per week on security. Three out of four of those teams report an increase of at least 25 percent of time spent over the past 12 months.

When asked how the nature of security threats has changed in the past year, IT teams identified a rise in email and browser-based malware attacks (59 percent), and an increase in threat sophistication (57 percent). Significant numbers of respondents also reported increases in exfiltration attacks on database servers (34 percent), application attacks (33 percent), DDoS attacks (32 percent) and ransomware attacks (30 percent).

Wire data has taken a central role in resolving suspected or known security threats, with 71 percent of respondents reporting that they used packet capture and 46 percent reporting that they used flow data, compared to 23 percent and 10 percent respectively in the 2017 State of the Network study.

NetOps teams play an active role in aiding SecOps before, during and after a threat has been detected, due to an increase in volume and sophistication of security threats.

Respondents highlight the importance of understanding normal network behavior and the ability to quickly hunt for malefactors when suspicious activity is noted.

Collaboration between SecOps and NetOps has accelerated, maximizing security initiatives and minimizing resolution time to limit negative impact to the business and customers.

While NetOps teams pivot to assist with security, they are still challenged to maintain acceptable service performance and end-user experience, despite the rapid deployments of new technologies and large increases in network traffic loads.

Source: https://www.helpnetsecurity.com/2019/07/17/network-teams-security-efforts/