
We are thinking of implementing Mutual SSL combined with IP Filtering because we are unable to set up a VPN within our external client. What are the risks associated with using Mutual SSL combined with IP Filtering?

Some possible concerns:

  • Is it vulnerable to IP spoofing?
  • Could less secure encryption mechanisms invalidate this setup?
amccormack
kwangsa
  • Welcome to Security.SE! There is no such thing as a "stupid" question, only well asked or poorly asked. Feel free to edit out the first line of your post. You could increase the quality of your post by enumerating what some of your concerns are so the scope of your question isn't so broad. Are you asking what (if any) risks are introduced by implementing Mutual SSL & IP Filtering? It may also help to know why you are using these controls in the first place. That is, what risks are you trying to mitigate by using them? – amccormack Jun 19 '15 at 05:01
  • Done, modified it – kwangsa Jun 19 '15 at 05:25
  • Great! I submitted an edit that cleaned up the language a little bit which should make it easier to read. I also removed the "Thank You". While the community appreciates your intent with a Thank You, many people think it clutters up the post and is unnecessary. They will tell you we know you are thankful when you take the time and care to write a great question :). – amccormack Jun 19 '15 at 05:39
  • With mutual SSL I read TLS with client authentication (server authentication is implied). Am I correct in assuming this? – Maarten Bodewes Jun 19 '15 at 08:28
  • @MaartenBodewes, yup, you are right. – kwangsa Jun 22 '15 at 00:12

1 Answer


So assuming that by "mutual SSL" you mean that each end of the connection will generate a set of SSL certificates and then they will validate each other's certificate when the connection is brought up, issues like IP spoofing should not be a concern, as if an attacker is able to spoof the IP address (which is actually not a trivial undertaking for a TCP connection) they would not be able to complete the SSL handshake as they would lack the SSL private keys which match the certificates held by the other end.

Some things I can think of that you would need to consider with this set-up:

  • Initial communication of the certificates for each end of the connection. You need to ensure that these aren't tampered with in transit.
  • Configuration of the SSL cipher suites on each end of the connection. You'll want to configure the servers at both ends of the connection to ensure that they don't support weak ciphers or deprecated protocols (some ideas for web servers here)
  • You'll need to ensure that you have policies in place for revoking/re-issuing certificates when they expire or if there is a breach in the security of one of the servers.
Rory McCune
  • Thanks for the answer. May I know how a weak cipher contributes to a breach if we are using mutual SSL and IP Filtering? Thx – kwangsa Jun 22 '15 at 00:16
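
The set-up discussed in this thread (TLS with a required client certificate, a restricted protocol and cipher configuration, and an IP filter as a second layer) can be sketched and checked as follows. This is an added example, not code from the question or the answer; the allowlist range, the cipher string and the file-path parameters are assumptions chosen for illustration.

```python
import ipaddress
import ssl

# Constructed allowlist (documentation range) standing in for the client's egress IPs.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/28")]
# Substrings of OpenSSL suite names that indicate weak or unauthenticated suites.
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP", "ADH", "AECDH")

def build_mtls_server_context(cert=None, key=None, client_ca=None):
    """Server-side context that refuses peers without a valid client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no SSLv3 / TLS 1.0 / TLS 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # this is what makes the TLS "mutual"
    # TLS 1.2 suites: forward-secret key exchange with AEAD ciphers only (assumed policy).
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL")
    if cert:                                       # hypothetical paths, supplied by caller
        ctx.load_cert_chain(cert, key)
    if client_ca:                                  # trust only the CA issuing client certs
        ctx.load_verify_locations(cafile=client_ca)
    return ctx

def audit(ctx):
    """Return a list of findings for a server context; an empty list means none."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 allowed")
    for suite in ctx.get_ciphers():
        if any(marker in suite["name"] for marker in WEAK_MARKERS):
            findings.append("weak cipher suite enabled: " + suite["name"])
    return findings

def peer_allowed(addr):
    """IP filter: a coarse pre-check only; the certificate is what authenticates."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ALLOWED_NETS)

if __name__ == "__main__":
    print("hardened:", audit(build_mtls_server_context()))
    print("default :", audit(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)))
    print("203.0.113.5 allowed:", peer_allowed("203.0.113.5"))
```

In a real listener, `peer_allowed()` would be applied to the address returned by `accept()` before wrapping the socket with the context, and revocation handling still has to be arranged separately.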