
Uncovering SSL Vulnerabilities with Gigamon Metadata Exports

joanna

While we have supported Gigamon reports for a couple of years, we now leverage the SSL information pulled from Gigamon flows. This enables you to run a series of reports that provide context-rich SSL information.

What is SSL and Why is It Important?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a web server and browser. Using this protocol ensures that all data passing between the web server and browsers remains private. Most businesses use SSL to establish privacy for their customers’ and employees’ information.

Why is this important? Well, the good news is that all your information is private! HTTP (port 80) can be insecure and is subject to eavesdropping attacks because the data transferred from the web browser to the server is in plaintext. With the magic of SSL, we can ensure that your data is delivered from point A to point B securely, know whether the server you’re connecting to is actually the correct server, and encrypt your data transmissions. It is important to note, though, that SSL does have a number of security issues and seems to become vulnerable to new attacks frequently.

Why is the Ability to Run SSL Reports Important?

Gigamon SSL Reports in Scrutinizer

With Gigamon metadata, you can see all SSL information being passed through a specific device. As mentioned above, SSL tends to have security vulnerabilities such as POODLE, the Sweet32 Birthday Attack, and the Heartbleed Bug, just to name a few. Each vulnerability affects a specific version of SSL (for example, POODLE affects SSL3), so if you can gain visibility into which versions of SSL are used on your network, you can spot a security vulnerability before it becomes a huge problem.

Gigamon SSL Elements in Scrutinizer

If your Gigamon device is sending flows to Scrutinizer, you will be given two SSL report options: SSL All Details and SSL Version Count. By choosing the SSL All Details report, you’ll be able to see your source IP, destination IP, the version of SSL being used, and even the SSL Cipher. That’s pretty nifty! If you run the SSL Version Count report, you’ll be able to quickly see what versions of SSL are being used and how many servers are using that protocol. From there, you can select the SSL version and run a default report to see which servers may be vulnerable. These are just two of the amazing, context-rich reports you can get from Gigamon devices.
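The logic behind the two reports can be reproduced offline over exported flow rows, which is useful for checking what a version count actually tells you. This is an added example, not Scrutinizer's or Gigamon's code; the CSV column names and the sample rows are constructed assumptions, and it goes slightly beyond the text by also flagging TLS 1.0/1.1 and 3DES cipher suites.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows. Column names are assumptions for this example,
# not the export schema of Scrutinizer or Gigamon.
SAMPLE = """src_ip,dst_ip,ssl_version,ssl_cipher
10.0.0.5,192.0.2.10,SSLv3,SSL_RSA_WITH_RC4_128_SHA
10.0.0.6,192.0.2.10,SSLv3,SSL_RSA_WITH_RC4_128_SHA
10.0.0.5,192.0.2.20,TLSv1.2,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
10.0.0.7,192.0.2.30,TLSv1.2,TLS_RSA_WITH_3DES_EDE_CBC_SHA
10.0.0.8,192.0.2.40,TLSv1.0,TLS_RSA_WITH_AES_128_CBC_SHA
"""

# Protocol versions treated as deprecated in this example
# (SSLv2: RFC 6176, SSLv3: RFC 7568, TLS 1.0/1.1: RFC 8996).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def load(text):
    """Parse the 'all details' style rows into dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def version_count(rows):
    """Count distinct servers (destination IPs) per SSL/TLS version."""
    servers = defaultdict(set)
    for r in rows:
        servers[r["ssl_version"]].add(r["dst_ip"])
    return {version: len(ips) for version, ips in servers.items()}


def findings(rows):
    """Map each server to the reasons it should be reviewed."""
    out = defaultdict(set)
    for r in rows:
        if r["ssl_version"] in DEPRECATED:
            out[r["dst_ip"]].add(f"deprecated {r['ssl_version']}")
        if "3DES" in r["ssl_cipher"]:  # 64-bit block cipher, the Sweet32 case
            out[r["dst_ip"]].add("64-bit block cipher (Sweet32)")
    return dict(out)


if __name__ == "__main__":
    rows = load(SAMPLE)
    for version, n in sorted(version_count(rows).items()):
        print(f"{version:8} {n} server(s)")
    for server, reasons in sorted(findings(rows).items()):
        print(server, "->", ", ".join(sorted(reasons)))
```

Note that the server at 192.0.2.30 negotiates TLS 1.2 and would look fine in a version count alone; only the cipher column exposes it. Heartbleed is an OpenSSL implementation flaw rather than a protocol version, so neither field reveals it.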

If you want to test out the reports you can run with Gigamon flow data, you can download the free edition of Scrutinizer. Of course, before you run the Gigamon reports you’ll need to configure your device. For more information on that, consult our configuration guide.

There you have it! Happy monitoring!!