Difference between revisions of "HTTPS Additional Considerations"

From wiki
Jump to navigation Jump to search
(Created page with "==Additional Considerations of HTTPS== ===Website Security=== To protect GC electronic networks, devices and information, the following is a non-exhaustive list of security co...")
 
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
 
==Additional Considerations of HTTPS==
 
==Additional Considerations of HTTPS==
 
===Website Security===
 
===Website Security===
Line 12: Line 13:
 
* Design web services so that they are protected from common security vulnerabilities such as SQL injection and others described in widely-used publications such as the [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Open Web Application Security * Project (OWASP) Top 10].
 
* Design web services so that they are protected from common security vulnerabilities such as SQL injection and others described in widely-used publications such as the [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Open Web Application Security * Project (OWASP) Top 10].
 
For more information on best practices, refer to [https://www.cse-cst.gc.ca/en/group-groupe/its-advice-and-guidance Communications Security Establishment’s (CSE’s) IT security advice and guidance].
 
For more information on best practices, refer to [https://www.cse-cst.gc.ca/en/group-groupe/its-advice-and-guidance Communications Security Establishment’s (CSE’s) IT security advice and guidance].
<br><br>
 
'''Additional Guidance:''' [https://www.us-cert.gov/ncas/tips/ST18-006 Website Security | US-CERT]
 
<br><br>
 
  
===HTTP/2===
+
=== Your Redirects May Need Some Attention ===
HTTP/2 (finalized in 2015) is a backwards-compatible update to HTTP/1.1 (finalized in 1999) that is optimized for the modern web.
+
Many redirect domains are currently in use across the GC as a means to provide easy access to specific pages to users, for marketing purposes, or as a proactive measure to protect against phishing and cybersquatting (the act of registering domains you don't intend to actually use, with the hopes of selling for profit).
 +
 
 +
There’s no problem with this, however for a redirect domain to be ITPIN compliant, they need to be secured prior to permanent redirection to the eventual (secure) destination domain.
 +
 
 +
'''Problems Seen To Date'''
 +
 
 +
The following issues are the dominant problems with redirects in the GC:
 +
# Domains don’t redirect to secure versions of themselves first
 +
# Domains redirect to HTTP endpoints similar to themselves instead of HTTPS (eg: http//www)
 +
# Domains redirect to folders on HTTP endpoints rather than HTTPS (eg: http//www/home)
 +
# Redirected HTTPS domains downgrade to HTTP prior to returning to HTTPS (https//root to http//www to https//www)
 +
Since each URL has to resolve at the server before being redirected, they are still open to manipulation if HTTP. While an immediate redirect to an HTTPS site will net you "Enforcing HTTPS", there remains issues with other requirements.
 +
 
 +
When a domain isn't properly secured internally first, it is impossible to provide an HSTS header for that domain, or achieve compliance against cipher and protocol requirements to be used.
 +
 
 +
'''The Fix'''
  
HTTP/2 includes many features that can drastically speed up website performance, and emerged from the advancements Google demonstrated with SPDY in 2009.
+
For each of the redirected URLs, configuration should:
 +
# first be permanently redirected to a secure version of itself, with HSTS enabled (<nowiki>http://domain-A</nowiki> --(301)--> <nowiki>https://domain-A</nowiki> (with HSTS)); and then
 +
# permanently be redirected (301) to the HTTPS version of the destination site, with HSTS established there as well (<nowiki>https://domain-A</nowiki> --(301)--> <nowiki>https://final-domain</nowiki> (with HSTS).
 +
While this seems it may be a hassle for users, visitors will only ever get the double redirect once due to HSTS.
  
While HTTP/2 does not require the use of encryption in its formal spec, every major browser that has implemented HTTP/2 has only implemented support for encrypted connections, and no major browser is working on support for HTTP/2 over unencrypted connections.
+
Ideally your redirected domains and eventual destination domain both reside on the same server and are internal redirects to a subdomain (domain root --> www, or other), which allows you to add your redirect domains to the Subject Alternative Name (SAN) field when setting up your certificate for your primary site to include all of your pointed URLs, rather than having to get certificates for each one.
  
This means that in practice, ''the major performance benefits of HTTP/2 first require the use of HTTPS''.
+
When redirecting to Canada.ca, or another major GC hub you may not/do not have control over, the configuration of the eventual domain is not your responsibility, nor will the results for that domain be reflected in your domain results.  Your domain must be configured appropriately on the server it resolves to reach full compliance.
* [https://http2.github.io/faq/ HTTP/2 Working Group FAQ]
 
* [https://tools.ietf.org/html/rfc7540 RFC 7540], the final spec
 
<br>
 
  
===Next Steps: TLS 1.3===
+
If you need guidance on this, please refer to our Certificates section in the [[:en:GC_HTTPS_Everywhere/Implementation_Guidance|HTTPS Implementation Guidance]].<br><br>
TLS 1.3 differs from TLS 1.2 and earlier versions of TLS in several substantial ways, in addition to the cipher suite changes; these changes result in it not being directly compatible with the earlier versions of TLS. The following is a list of the major functional differences between TLS 1.2 and TLS 1.3.  It is not intended to be exhaustive and there are many minor differences. <ref>Internet Engineering Task Force (IETF) TLS 1.3 Internet-Draft</ref>
+
'''Additional Guidance:''' [https://www.us-cert.gov/ncas/tips/ST18-006 Website Security | US-CERT]
<br />
+
<br><br>
* The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy.  Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms. The ciphersuite concept has been changed to separate the authentication and key exchange mechanisms from the record protection algorithm (including secret key length) and a hash to be used with the key derivation function and HMAC.
 
* A 0-RTT mode was added, saving a round-trip at connection setup for some application data, at the cost of certain security properties.
 
* Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
 
* All handshake messages after the ServerHello are now encrypted. The newly introduced EncryptedExtension message allows various extensions previously sent in clear in the ServerHello to also enjoy confidentiality protection from active attackers.
 
* The key derivation functions have been re-designed.  The new design allows easier analysis by cryptographers due to their improved key separation properties.  The HMAC-based Extract-and-Expand Key Derivation Function (HKDF) is used as an underlying primitive.
 
* The handshake state machine has been significantly restructured to be more consistent and to remove superfluous messages such as ChangeCipherSpec (except when needed for middlebox compatibility).
 
* Elliptic curve algorithms are now in the base spec and new signature algorithms, such as ed25519 and ed448, are included. TLS 1.3 removed point format negotiation in favor of a single point format for each curve.
 
* Other cryptographic improvements including the removal of compression and custom DHE groups, changing the RSA padding to use RSASSA-PSS, and the removal of DSA.
 
* The TLS 1.2 version negotiation mechanism has been deprecated in favor of a version list in an extension.  This increases compatibility with existing servers that incorrectly implemented version negotiation.
 
* Session resumption with and without server-side state as well as the PSK-based ciphersuites of earlier TLS versions have been replaced by a single new PSK exchange.
 
* Updated references to point to the updated versions of RFCs, as appropriate (e.g., RFC 5280 rather than RFC 3280).
 
<br />
 
For a complete list of major differences, see the [https://tools.ietf.org/html/draft-ietf-tls-tls13-28 Transport Layer Security (TLS) Protocol Version 1.3 specification], section 1.3.
 
<br />
 

Latest revision as of 09:29, 8 February 2021

Additional Considerations of HTTPS

Website Security

To protect GC electronic networks, devices and information, the following is a non-exhaustive list of security considerations that can be implemented in a layered manner to support a defence-in-depth approach for web services and minimize opportunities for cyber attacks:

  • Deploy modern operating systems (OS) and applications that are maintained with supported, up-to-date, and tested versions of software.
  • Actively manage software vulnerabilities, including fixing known vulnerabilities quickly following a timely patch maintenance policy for OS and applications, and taking other mitigating steps, where patches can’t be applied.
  • Implement appropriate host-based protections to protect systems against both known and unknown malicious activity.
  • Minimize available services and control connectivity by removing or disabling all non-essential ports and services as well as removing unnecessary accounts from systems.
  • Enable system logging to improve the ability to detect and identify anomalous behaviours, perform system monitoring, and to assist with incident response and forensic analysis of compromised systems.
  • Carefully control and manage privileges assigned to users and administrators. Provide a reasonable (but minimal) level of system privileges and rights needed for their role.
  • Use strong authentication mechanisms (for example, multi-factor authentication) where possible to protect from unauthorized access.
  • Design web services so that they are protected from common security vulnerabilities such as SQL injection and others described in widely-used publications such as the Open Web Application Security * Project (OWASP) Top 10.

For more information on best practices, refer to Communications Security Establishment’s (CSE’s) IT security advice and guidance.

Your Redirects May Need Some Attention

Many redirect domains are currently in use across the GC as a means to provide easy access to specific pages to users, for marketing purposes, or as a proactive measure to protect against phishing and cybersquatting (the act of registering domains you don't intend to actually use, with the hopes of selling for profit).

There’s no problem with this, however for a redirect domain to be ITPIN compliant, they need to be secured prior to permanent redirection to the eventual (secure) destination domain.

Problems Seen To Date

The following issues are the dominant problems with redirects in the GC:

  1. Domains don’t redirect to secure versions of themselves first
  2. Domains redirect to HTTP endpoints similar to themselves instead of HTTPS (eg: http//www)
  3. Domains redirect to folders on HTTP endpoints rather than HTTPS (eg: http//www/home)
  4. Redirected HTTPS domains downgrade to HTTP prior to returning to HTTPS (https//root to http//www to https//www)

Since each URL has to resolve at the server before being redirected, they are still open to manipulation if HTTP. While an immediate redirect to an HTTPS site will net you "Enforcing HTTPS", there remains issues with other requirements.

When a domain isn't properly secured internally first, it is impossible to provide an HSTS header for that domain, or achieve compliance against cipher and protocol requirements to be used.

The Fix

For each of the redirected URLs, configuration should:

  1. first be permanently redirected to a secure version of itself, with HSTS enabled (http://domain-A --(301)--> https://domain-A (with HSTS)); and then
  2. permanently be redirected (301) to the HTTPS version of the destination site, with HSTS established there as well (https://domain-A --(301)--> https://final-domain (with HSTS).

While this seems it may be a hassle for users, visitors will only ever get the double redirect once due to HSTS.

Ideally your redirected domains and eventual destination domain both reside on the same server and are internal redirects to a subdomain (domain root --> www, or other), which allows you to add your redirect domains to the Subject Alternative Name (SAN) field when setting up your certificate for your primary site to include all of your pointed URLs, rather than having to get certificates for each one.

When redirecting to Canada.ca, or another major GC hub you may not/do not have control over, the configuration of the eventual domain is not your responsibility, nor will the results for that domain be reflected in your domain results.  Your domain must be configured appropriately on the server it resolves to reach full compliance.

If you need guidance on this, please refer to our Certificates section in the HTTPS Implementation Guidance.

Additional Guidance: Website Security | US-CERT