How to Protect Your Users against POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption, CVE-2014-3566) is a vulnerability in Secure Sockets Layer (SSL) 3.0, an obsolete protocol that browsers and web servers still support for backward compatibility. It was disclosed by researchers at Google. The weakness is in how SSL 3.0 checks CBC padding: an attacker positioned between the browser and the server, who can also make the browser issue many requests (typically with script running in the victim's browser), can force the connection down to SSL 3.0 and then decrypt "secure" content one byte at a time, at about 256 requests per byte. Session cookies are the usual target, and a stolen session cookie lets the attacker hijack the user's session.

The obvious fix is to disable SSL 3.0 in browsers and on web servers. However, that may be difficult for an enterprise with thousands of deployed browsers, and it may break older web applications that cannot speak anything newer than SSL 3.0. (Browsers and servers that implement TLS_FALLBACK_SCSV also refuse to be downgraded, but that only helps when both ends support it.)

McAfee Web Gateway (MWG) customers can effectively eliminate this vulnerability for their users. MWG can be configured as an SSL scanning proxy that sits between the browser and the web server. As an intercepting proxy, MWG terminates the browser's connection and opens a separate TCP connection to the server, so there are two independent handshakes, and in each one the two endpoints have to agree on the protocol version to be used.

With MWG terminating both connections, the system administrator can simply remove SSL 3.0 from the proxy's list of supported protocol versions. The browser then never sees a peer that offers SSL 3.0, and neither does the web server; each handshake settles on TLS 1.0 or later. An attacker attempting to exploit POODLE will fail, since neither side of the connection can use the protocol. The trade-off is that a server which supports nothing newer than SSL 3.0 becomes unreachable through the proxy, and traffic that bypasses the proxy (for example, hosts on a proxy exception list) is not protected.

All you need to do is enable SSL scanning (which McAfee recommends in any case, so that malware in encrypted traffic can be detected) and uncheck the SSL 3.0 protocol box on the system console.
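Once the box is unchecked, it is worth confirming from a client behind the proxy that SSL 3.0 really is no longer negotiable. The probe below is an added example written for this page; it is not McAfee's code and not from the original post. It sends a bare SSL 3.0 ClientHello and classifies the first record that comes back: a ServerHello with version 3.0 means SSL 3.0 is still accepted, while an alert (or the connection simply being closed) means it is refused. The sample replies it is tested against are constructed by hand, not captured from any real server, and the host name in the usage line is a placeholder.

```python
"""Probe whether an endpoint still negotiates SSL 3.0.

Sends a minimal SSL 3.0 ClientHello and classifies the first record the
server returns.  Run from a client that goes through the intercepting
proxy, it exercises the proxy's client-facing configuration; run from
outside, it tests the origin server directly.
"""
import socket
import struct

SSLV3 = (3, 0)
CONTENT_ALERT, CONTENT_HANDSHAKE = 21, 22
HS_CLIENT_HELLO, HS_SERVER_HELLO = 1, 2
ALERT_NAMES = {10: "unexpected_message", 40: "handshake_failure", 70: "protocol_version"}

# A few RSA/DHE suites that SSL 3.0 servers commonly supported.
SSLV3_CIPHER_SUITES = (0x0004, 0x0005, 0x000A, 0x002F, 0x0035, 0x0016, 0x0033, 0x0039)


def build_sslv3_client_hello(cipher_suites=SSLV3_CIPHER_SUITES, client_random=b"\x00" * 32):
    """Return the bytes of a complete SSL 3.0 ClientHello record (no extensions)."""
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body = (
        bytes(SSLV3)                                   # client_version = 3.0
        + client_random                                # 32-byte random; fixed is fine for a probe
        + b"\x00"                                      # empty session_id
        + struct.pack("!H", len(suites)) + suites      # cipher_suites vector
        + b"\x01\x00"                                  # one compression method: null
    )
    handshake = bytes([HS_CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body
    return bytes([CONTENT_HANDSHAKE]) + bytes(SSLV3) + struct.pack("!H", len(handshake)) + handshake


def classify_response(data):
    """Classify the first record a server sent back. Returns (verdict, detail)."""
    if len(data) < 5:
        return "no_response", "connection closed without sending a record"
    ctype, vmaj, vmin, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if ctype == CONTENT_ALERT:
        if len(payload) < 2:
            return "refused", "truncated alert"
        level, desc = payload[0], payload[1]
        severity = "fatal" if level == 2 else "warning"
        return "refused", "alert %s (%s)" % (ALERT_NAMES.get(desc, str(desc)), severity)
    if ctype == CONTENT_HANDSHAKE and len(payload) >= 6 and payload[0] == HS_SERVER_HELLO:
        version = (payload[4], payload[5])
        if version != SSLV3:
            return "refused", "ServerHello chose version %d.%d" % version
        # ServerHello: type(1) len(3) version(2) random(32) sid_len(1) sid cipher_suite(2) ...
        off = 4 + 2 + 32
        if len(payload) > off:
            off += 1 + payload[off]
            if len(payload) >= off + 2:
                suite = struct.unpack("!H", payload[off:off + 2])[0]
                return "accepted", "ServerHello version 3.0, cipher suite 0x%04x" % suite
        return "accepted", "ServerHello version 3.0 (truncated)"
    return "unknown", "unexpected record: content type %d, version %d.%d" % (ctype, vmaj, vmin)


def probe(host, port=443, timeout=5.0):
    """Connect to host:port, send the SSL 3.0 ClientHello and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            reply = sock.recv(4096)
        except (socket.timeout, ConnectionResetError):
            reply = b""
    return classify_response(reply)


# Constructed sample replies (hand-built, not captured from any real server).
# 1) An SSL 3.0 ServerHello choosing TLS_RSA_WITH_RC4_128_SHA (0x0005): vulnerable.
_SH_BODY = bytes(SSLV3) + b"\x11" * 32 + b"\x00" + b"\x00\x05" + b"\x00"
_SH_HANDSHAKE = bytes([HS_SERVER_HELLO]) + struct.pack("!I", len(_SH_BODY))[1:] + _SH_BODY
SAMPLE_SSLV3_SERVER_HELLO = (bytes([CONTENT_HANDSHAKE]) + bytes(SSLV3)
                             + struct.pack("!H", len(_SH_HANDSHAKE)) + _SH_HANDSHAKE)
# 2) A fatal protocol_version alert, what a server with SSL 3.0 disabled typically sends.
SAMPLE_PROTOCOL_VERSION_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"
# 3) A fatal handshake_failure alert (no common cipher suite at SSL 3.0).
SAMPLE_HANDSHAKE_FAILURE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"   # placeholder host
    print(target, *probe(target))
```

Point the script at a few internal and external sites from a proxied workstation. Anything that comes back "accepted" is still reachable over SSL 3.0 and needs attention, either in the proxy configuration or because that traffic is not passing through the proxy at all. A "no_response" result is the normal behaviour of many servers that just close the socket on an SSL 3.0 hello, so treat it as a refusal unless the host is otherwise unreachable.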

For more information, read this article on the McAfee Community site.
