Secure Sockets
Overview
This security feature is only available on Waratek Elevate and is not supported on Waratek Secure.
Creating plain TCP server sockets without encryption allows attackers to intercept the communication channel and read or modify the transmitted data. To prevent such attacks the channel must be encrypted, and this rule enforces that policy by upgrading TCP server sockets to SSL/TLS server sockets. The upgrade significantly increases the difficulty of man-in-the-middle attacks and addresses the known weaknesses CWE-319, CWE-311 and CWE-5, which are classified as "Sensitive Data Exposure" in the OWASP Top 10.
The upgrade is completely transparent to the application, which behaves as if it were communicating over an unencrypted channel. Additionally, because the host JVM may be a newer Java version than the guest, the upgraded SSL/TLS server sockets can use the newer cipher suites available to the host JVM, giving stronger encryption through the latest cryptographic algorithms.
For this rule to upgrade TCP server sockets to SSL/TLS server sockets successfully, make sure the following system properties are set according to the desired SSL/TLS configuration. The same system properties must be set on both the server and the client nodes.
-Djavax.net.ssl.trustStore
-Djavax.net.ssl.trustStorePassword
-Djavax.net.ssl.keyStore
-Djavax.net.ssl.keyStorePassword
When (Event)
accept | IP address and port. When a specific protect action acting on connections is enforced (e.g. forcing TCP connections to use TLS by specifying the connection: secure key-value pair), only the wildcard IP address and port are supported.
Then (Action)
protect | Upgrades TCP server sockets to SSL/TLS server sockets. If configured, a log message is generated with details of the event.
Example
Force TCP connections to use TLS for connections.
app("Socket Accept Forced TLS")
requires(version: ARMR/2.2)
socket("Force TCP connections to use TLS for connections"):
accept("0.0.0.0:0")
protect(connection: secure, message: "forced TLS on every connection", severity: High)
endsocket
endapp
Logging
When the above Secure Sockets rule is triggered a log entry similar to the following is generated:
<13>1 2020-09-02T14:41:23.270+01:00 XPS-15-9570 java 23856 - - CEF:0|ARMR:Socket Accept Forced TLS|Socket Accept Forced TLS|2.2|Force TCP connections to use TLS for connections|Execute Rule|High|rt=Sep 02 2020 14:41:23.270 +0100 dvchost=XPS-15-9570 procid=23856 act=protect msg=forced TLS on every connection dst=0 localPort=46283 localName=0.0.0.0
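As an added example (not Waratek's own code), the following Python parser reads the CEF log entry above, splits the syslog-wrapped CEF header from its space-separated extension, and filters for socket events where the protect action ran, so the upgraded listeners can be inventoried from a log feed. The sample log lines are constructed from the entry shown above plus an unrelated line the filter should skip.

```python
import re
from typing import List, Optional

# Constructed sample input: the Secure Sockets log entry shown on this page,
# plus an unrelated syslog line that the filter should ignore.
SAMPLE_LOG = [
    "<13>1 2020-09-02T14:41:23.270+01:00 XPS-15-9570 java 23856 - - "
    "CEF:0|ARMR:Socket Accept Forced TLS|Socket Accept Forced TLS|2.2|"
    "Force TCP connections to use TLS for connections|Execute Rule|High|"
    "rt=Sep 02 2020 14:41:23.270 +0100 dvchost=XPS-15-9570 procid=23856 "
    "act=protect msg=forced TLS on every connection dst=0 localPort=46283 "
    "localName=0.0.0.0",
    "<13>1 2020-09-02T14:41:30.000+01:00 XPS-15-9570 java 23856 - - plain text line",
]

CEF_HEADER = ("vendor", "product", "version", "signature_id", "name", "severity")


def parse_cef(line: str) -> Optional[dict]:
    """Return the CEF header fields and extension pairs of a syslog-wrapped CEF line, or None."""
    start = line.find("CEF:")
    if start < 0:
        return None
    # Seven pipe-separated header fields follow 'CEF:'; everything after the 7th pipe
    # is the extension. Escaped pipes ('\|') inside header fields are not split on.
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) != 8:
        return None
    record = {"cef_version": parts[0].split(":", 1)[1]}
    record.update(zip(CEF_HEADER, parts[1:7]))
    # Extension values may contain spaces (rt=..., msg=...), so a new pair only
    # starts where whitespace is followed by 'key='.
    ext = {}
    for pair in re.split(r"\s+(?=\w+=)", parts[7].strip()):
        key, _, value = pair.partition("=")
        ext[key] = value
    record["ext"] = ext
    return record


def listener(record: dict) -> str:
    """The local address the upgraded server socket was bound to, as host:port."""
    return f'{record["ext"]["localName"]}:{record["ext"]["localPort"]}'


def forced_tls_listeners(lines) -> List[str]:
    """Listeners for which an ARMR socket rule executed its protect action."""
    hits = []
    for line in lines:
        rec = parse_cef(line)
        if (rec and rec["vendor"].startswith("ARMR:") and rec["name"] == "Execute Rule"
                and rec["ext"].get("act") == "protect" and "localPort" in rec["ext"]):
            hits.append(listener(rec))
    return hits
```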