Partner Technical Training

DDoS Mitigation with Arbor APS – SSL Inspection

Partner • Sales • Engineering

APS
©2017 ARBOR® CONFIDENTIAL & PROPRIETARY Release 5.12
Objectives
At the conclusion of this unit you should understand Arbor APS’s
Onboard SSL Inspection:
• Design
• Hardware Specifications
• Configuration
• Reporting in the UI

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 2

SCENARIO:
CUSTOMER UNDER
DDOS ATTACK

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 3

Issue & Context
• The stock trade Website is suffering another DDoS attack and is no
longer available.
• The APS Protection Level is set to High. The APS begins blocking
more attack traffic. However, the site still remains unavailable.
• Looking at the View Protection Group page, an increase in the amount
of TCP/443 traffic is reported in the Services section.
• It seems as though the site is experiencing a blended attack containing
an encrypted attack traffic component.

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 4

Issue: An Attack Using Encrypted Traffic
• A large stock trade Website is suffering intermittent DDoS attacks

DATA
ISP 1 CENTER

ISP
ISP 2
IPS
Firewall
Load
Balancer

Target
Applications
ISP ‘n’ Attack Traffic & Services

Good Traffic

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 5

Action: Utilize Onboard SSL Decryption
• Discuss possible solution design to mitigate the attack using Arbor
APS’s Onboard Hardware Security Module (HSM)
• Understand the design constraints
• Configure the HSM
• Enable the HSM and review the UI to determine if the attack
is being mitigated

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 6

SOLUTION DESIGN

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 7

On-Board Inspection
Protection against
DDoS attacks
encrypted by
SSL3, TLS1,
TLS1.1, TLS1.2

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 8

On-Board Inspection

Packet to be decrypted arrives on external interface

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 9

On-Board Inspection
• Invalid packets
• Blacklist / Whitelist
• Filter list
• TCP SYN flood detection
• Rate-based blocking
• Fragment detection
• Spoofed SYN flood prevention
• Payload regular expression
• Shaping
• IP location filtering
• ATLAS Threat Categories

L2 / L3

Packet is evaluated by Layer 2 and

Layer 3 countermeasures

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 10

On-Board Inspection
• SSL Message Validation
• Slow Attack Protection
• Handshake Validation
• Connection Flooding Protection

L2 / L3 TLS

• If enabled, packet is evaluated by TLS Attack Prevention

• If APS does not have certificate to decrypt traffic, it is not
decrypted and passed encrypted at this point

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 11

On-Board Inspection

HSM
L2 / L3 TLS

Original packet is held in buffer, packet contents

decrypted by Hardware Security Module (HSM)

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 12

On-Board Inspection
• HTTP Malformed
• HTTP request / URL rate
limiting
• AIF botnet signatures
• HTTP header regular
expressions
• Basic botnet protection
• Slow request attack protection
• Application misbehavior
• TCP connection reset
HTTP

HSM
L2 / L3 TLS

HTTP countermeasures are applied against

decrypted packet

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 13

On-Board Inspection

HTTP

HSM
L2 / L3 TLS

If decrypted packet passes all countermeasures, original packet

is released (no re-encryption involved)

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 14

On-Board Inspection

• Decryption and inspection processes are transparent

and not visible to the network infrastructure
• There is no re-encryption or session termination

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 15

HSM HARDWARE
SPECIFICATIONS

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 16

 HSM Specifications
• FIPS 140-2 certified *
• 2 HSM Models

750M 5G HSM
HSM
Inspected Throughput 750 Mbps 5 Gbps
HTTPS Connections 7,500 45,000
Concurrent Sessions 150,000 150,000
Available for 2600 Y Y
Available for 2800 N Y

* Versions prior to APS 5.12 (5.12 Firmware Certification in process)

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 17

HSM CONFIGURATION

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 18

HSM Configuration
• Configuration is performed via the CLI
• Private keys are stored onboard the HSM only and not on the APS
appliance’s hard drives
• APS appliance’s hard drives contain only public keys
• HSM is protected by separate authentication.
• 20 failed login attempts to HSM will zeroize it
• “zeroize” = return to factory defaults

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 19

HSM CLI Hierarchy

• / system hsm CLI hierarchy visible only if HSM is installed

• admin@APS:/# system hsm
• init Initialize the HSM
• Key HSM key management
• import Import key to HSM
• remove Remove key from HSM
• show Show HSM keys
• services HSM service authorization
• show Show HSM status
• stats Show HSM statistics
• user Manage HSM users
• zeroize Zeroize the HSM

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 20

HSM Manual Zeroizing
• HSM can be manually zeroized to remove all customer private
key information

admin@APS:/# system hsm zeroize

All configuration will be erased. Do you wish to

proceed? [y|N] y
Deauthorized APS
.................................................
.......................
admin@APS:/#

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 21

HSM Authentication Credentials
• Completely separate from APS user authentication
• Two types:
• Officer: Used for initial configuration and to manually initialize HSM
• User: Authenticates operations between APS and HSM
• Only single Officer and single User available
• User authentication is required for
• APS TLS decryption
• Key management (list, import, remove)
• Changing user password
• Manual HSM zeroize does not require HSM authentication

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 22

HSM Initialization
• Required (at least once) and prepares the HSM for use by setting up the
necessary identities, ownership, and authentication to be associated with it
• / system hsm init officer_name user_name [fips|non-fips]
[persist|nopersist]
• fips supports only FIPS ciphers
• An APS appliance in fips mode, forces fips mode of HSM
• non-fips supports all available ciphers
• persist will persistently authenticate APS
• On server restart or appliance reboot administrator does not need to enter HSM user
credentials to allow APS to decrypt traffic
• nopersist will require manual authentication every time service is restarted
• APS service must be stopped during HSM initialization

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 23

HSM Initialization (cont.)
admin@APS:/# system hsm init CSE EBC fips persist
crypto officer password (7-14 characters):
crypto officer password (again):
crypto user password (7-14 characters):
crypto user password (again):
.................................................................
...............................................................
Authorized APS

admin@APS:/# system hsm show

HSM: Cavium NITROX XL CN1620-NFBE3
Hardware Version: 2.0
FIPS state: FIPS mode with single factor authentication [2]
Firmware ID: CN16XX-NFBE-FW-2.1-110015
Serial Number: 3.0G1403-ICM501380
Persistent Credentials: APS

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 24

HSM Key Import
• / system hsm key import label [usb:|disk:|scp:]
• label - string which identifies the key for listing or removal
• Not used in traffic processing
• usb: | disk: | scp: - location of key
• Only RSA PEM-encoded keys are supported
• If key file is protected by a pass phrase, the system will prompt for it’s entry
• Only SCP is supported for remote file transfer.
• If another protocol (http, https or ftp) is required to copy PEM file, copy it to disk:
first
• Multiple keys can be imported

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 25

HSM Verification
admin@APS:/# system hsm show verbose
HSM : Cavium NITROX XL CN1620-NFBE3
Hardware Version : 2.0
FIPS state : FIPS mode with single factor authentication [2]
Firmware ID : CN16XX-NFBE-FW-2.1-110015
Serial Number : 3.0G1403-ICM501380 Persistently
Persistent Credentials : APS
Login Failures : Officer 0, User 0
authorized service
Master Config : 3 Nitroxes (24 cores) [7] At 20 failures
Slave Config : <invalid> [0]
Device ID : 07 Class 100000 Subsystem 117d:0007
HSM will be
Flags : 0 zeroized
Firmware Version : 2.1
Build Number : 110015 APS service to
Session count : 11 (max 10240)
RW Session Count : 0 (max 0) HSM sessions:
Free Public Memory : 47212 (total 467328) 11 for APS 2600
Free Private Memory : 0 (total 0)
Available User Keys : 3996 (total 3996)
& 2800
Available Session Keys : 3996 (max 3996)
Available SSL Contexts : 250000 (max 250000)
PIN Length : min 7 max 14
Clone Method : ECDH [1]
KEK Method : RSA [1]
Authentication Path : 0
Temperature : 55.7500C
©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 26
HSM Verification
• / system hsm stats
admin@APS:/# system hsm stats
SSL Record Processing:
Packet Requests: 0
Packet Aborts: 0
Bytes In: 0
Bytes Out: 0

Hardware Counters:
Completions: 0
Errors: 0

Misc:
Certificates loaded: 1

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 27

HSM Supported Cipher Suites
• APS HSM supports elliptic curve Diffie-Hellman (ECDH) cipher suites and
ephemeral elliptic curve Diffie-Hellman (ECDHE) cipher suites
• RSA Cipher Suites
• Other ciphers will be passed transparently without decryption. The following
message will be logged in syslog:
pktengine[11103]: [W] #TLS-SHELLO-ERR Cipher suite unsupported by back-end

For more information on supported cipher suites please refer to the next few charts on each
specific cipher mentioned above

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 28

HSM Supported ECDH Cipher Suites
RFC Cipher Suite Name OpenSSL Equivalent
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 29

HSM Supported ECDHE Cipher Suites
RFC Cipher Suite Name OpenSSL Equivalent
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 30

HSM Supported RSA Suites
RFC Cipher Suite Name OpenSSL Equivalent
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_SHA RC4-SHA
TLS_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
TLS_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 31

Additional Implementation Notes (1 of 2)
• SSL compression is not supported
• Only TCP/443 traffic is decrypted
• All decrypted traffic is considered to be HTTP. Traffic other than HTTP (such
as SPDY, WebSockets) will be dropped as HTTP malformed
• Decryption is supported in inline inactive, inline active and monitor modes,
but requires traffic symmetry
• If TLS Malformed countermeasure is disabled and decryption process encounters
invalid TLS packet, it is passed transparently

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 32

Additional Implementation Notes (2 of 2)
• If host is logically blacklisted in monitor or inline inactive mode, its traffic is no
longer decrypted
• If traffic is bypassed due to whitelist or “pass” statement in filter list, it is not
decrypted
• If APS does not have certificate to decrypt traffic, it is not decrypted and passed
after L3-L4 and TLS malformed checks
• For traffic that uses ECDH and ECDHE cipher suites, APS only decrypts
connections that negotiate the same EC curve as the static EC private key
• For APS to decrypt ECDHE traffic, the protected server must use a static EC
private key and static curve, which you need to import into the HSM

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 33

GUI Configuration
• Two simple checkboxes on AdministrationàGeneral configuration page

• Visible only if an HSM is present

• By default, both options are disabled

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 34

Managing HSM Keys with Venafi
Venafi Trust Protection Platform is a third party certificate management service
• Leverages the HSM API to manage certificates on the HSM
Usage
• Prerequisites on APS
• HSM must be initialized
• HSM crypto user must be configured
• API token for a user with sys_hsm privileges
• Updating IP access rules to allow HTTPS
(Port 443) communication with Venafi server.
• On Venafi
• Create and Configure as an Adaptable
Application
• Add API token
• Add HSM crypto user credentials
• Generate certificates Note: The Venafi Trust Protection Platform does not
support the ability to import EC keys.
©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 35
REPORTING IN THE UI

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 36

SSL Inspection Widget
• If an HSM is present,
the SSL Inspection
widget is displayed on
the Summary page
below Interfaces

• Legend is clickable

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 37

Decrypted Traffic Visualization
• Decrypted URLs and Domains are displayed on the View Protection Group
page (only if relevant checkbox is selected)
• ExploreàPacket Capture displays only encrypted traffic (however
it includes the drop reason if something was found after decryption)

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 38

Unit Summary
In this unit we have learned about Arbor APS Onboard SSL Inspection:
• Design
• Hardware Specifications
• Configuration
• Reporting in the UI

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 39

Q&A / THANK YOU

©2017 ARBOR® CONFIDENTIAL & PROPRIETARY 40