
Why are self-signed certificates used for sensor communication?

Version

All versions of Cb Response

Topic

How the use of self-signed certificates for sensor-to-server communication provides no decrease in security.

Q/A

Question

Why are self-signed certificates used for sensor communication?

Answer

The use of self-signed certificates provides no decrease in security; in fact, it increases overall security. The guidance that "self-signed certificates are bad" applies to their use in web browsers, which depend on a system of distributed trust, not to machine-to-machine communications.

Sensor-to-server communications use statically pinned SSL certificates on both the client and the server. At the time of sensor download, the server's certificate is burned into the sensor. In all subsequent communications, the sensor validates that the certificate presented by the server matches exactly what was burned in. Likewise, the server provides each sensor with a client certificate signed by the server's unique CA. After the sensor validates the server's certificate, the server demands a client certificate. The client certificate is checked against a list of specific valid client certificates; if it does not match, the connection is terminated.

Contrast this with the SSL ecosystem in the browser: since a website does not have the luxury of pre-deploying a specific certificate in every browser, it must rely on Certificate Authorities. Those CAs deploy their root certificates in all the major browsers, then issue certificates to individual domain names after validating ownership. Adding a third party into the mix decreases overall security by introducing additional attack surface that must be protected. While unlikely, examples like the compromise at DigiNotar and poor validation practices at VeriSign demonstrate that the risk of using CAs is real.
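The mechanics described above, as an added example that is not Carbon Black's code (how Cb Response implements this internally is not shown on this page): a Go program using only the standard library's crypto/tls. The certificates are generated in memory and are constructed for the demo; the sensor side compares the server certificate it is presented byte for byte against the burned-in copy instead of consulting any CA, and the server side requires a client certificate issued by its own CA that is also on its list of issued sensor certificates. The function names and the names cb-server and sensor-1 are the example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert makes an Ed25519 key and certificate: self-signed when parent is nil (the server's cert,
// which doubles as its private CA), otherwise issued by parent (a sensor's client certificate).
func newCert(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (tls.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, key
}

// sensorConfig is the sensor side: the server certificate burned in at download time must match byte for byte.
func sensorConfig(pinnedServer *x509.Certificate, sensorCert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:       []tls.Certificate{sensorCert},
		InsecureSkipVerify: true, // disables only the CA chain walk; the pin below is the real check
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if len(rawCerts) == 0 || !bytes.Equal(rawCerts[0], pinnedServer.Raw) {
				return fmt.Errorf("server certificate does not match the pinned certificate")
			}
			return nil
		},
	}
}

// serverConfig is the server side: the client cert must chain to the server's own CA and be on its issued list.
func serverConfig(serverCert tls.Certificate, validSensors map[string]bool) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(serverCert.Leaf)
	return &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    pool,
		VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
			if !validSensors[string(rawCerts[0])] { // the list is keyed by raw DER certificate
				return fmt.Errorf("client certificate is not on the list of valid sensor certificates")
			}
			return nil
		},
	}
}

// Handshake runs one TLS handshake over loopback TCP and reports which side, if any, refused.
func Handshake(serverCfg, clientCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err == nil {
			defer conn.Close()
			err = tls.Server(conn, serverCfg).Handshake()
		}
		srvErr <- err
	}()
	cli, cerr := tls.Dial("tcp", ln.Addr().String(), clientCfg) // connects and handshakes
	if cerr != nil {
		return fmt.Errorf("sensor rejected server: %w", cerr)
	}
	defer cli.Close()
	if serr := <-srvErr; serr != nil {
		return fmt.Errorf("server rejected sensor: %w", serr)
	}
	return nil
}
```

With `serverCert, serverKey := newCert("cb-server", nil, nil)` and `sensorCert, _ := newCert("sensor-1", serverCert.Leaf, serverKey)`, the call `Handshake(serverConfig(serverCert, map[string]bool{string(sensorCert.Leaf.Raw): true}), sensorConfig(serverCert.Leaf, sensorCert))` returns nil; it returns an error when the server presents any certificate other than the pinned one, however well-formed, and when a certificate signed by the server's CA is not on the issued list. `InsecureSkipVerify` removes only the CA chain walk that the article argues is unwanted here; the comparison in `VerifyPeerCertificate` is the check that must never be dropped. Because the match is exact, rotating the server certificate means re-deploying the sensor, which is the cost of the design the article describes.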

Article Information
Creation Date: 07-13-2016