Fighting fraudulent networks using secure connections (SSL) with OPNsense

feb 02, 2016

Home / Blog / Fighting fraudulent networks using secure connections (SSL) with OPNsense
New OPNsense Feature

Fighting fraudulent networks using secure connections (SSL) with OPNsense

Logo_OPNsense

As the focus of hackers and cybercriminals is shifting – from network intrusion attempts to exploiting weaknesses in applications – application-layer attacks increasingly make use of encryption to dodge network security defenses.

 

 

There are numerous threats that you encounter on a daily basis and some of them you may not even be aware of. Most prominent issues are probably privacy issues, such as stealing of sensitive information and bank/credit card fraud.

Transparent proxy with SSL interception

One of the most widely used solutions to counter these issues is to use a transparent proxy with SSL interception.
While this solution offers a wide range of filtering capabilities it also:

  • Raises new security concerns
    • Your firewall needs to encrypt/decrypt the traffic and becomes a man-in-the-middle. One trusted source for all your applications.
  • Introduces possible legal issues
    • Privacy rules may not allow this without alerting your users and you bank may hold you responsible if your account is compromised.
  • Is difficult to setup for most users
    • For starters it requires you to setup a security authority and configure all clients to accept it

Utilize OPNsense’s Inline Intrusion Prevention

Today the OPNsense project proudly announces a solution – that is easy to setup, use and maintain – for mitigating most of these common threats.

SSL Blacklisting

As of version 16.1.1 OPNsense includes SSL Blacklisting based on SSL fingerprinting of malicious SSL certificates. These SSL blacklist are provided freely by www.abuse.ch and we have been granted approval to include them into OPNsense.

Feodo Trojan

On top of this abuse.ch also provides Feodo Tracker, used to keep track of known Feodo threats. Feodo (also known as Cridex or Bugat) is a Trojan used to commit e-banking fraud and steal sensitive information from the victim’s computer, such as credit card details or credentials. For more information see feodotracker.abuse.ch.

Feodo Tracker is now part of OPNsense.  These new enhancements significantly improve security by utilizing the Netmap enhanced Intrusion Prevention System offered by the “Crafty Coyote” (release 16.1).

Read how-to secure your platform with a click of a button: How-To IPS

 

Stay safe with OPNsense, your next open source firewall!