1. Risk Assessment

Background

During 2014 there have been numerous attacks on the SSL and TLS protocols used by many websites to secure communications between the client and the server.  Due to the various attacks such as BEAST, FREAK, POODLE and more recently LOWJACK the Payment Card Industry Data Security Standard (PCI DSS) has been modified to disallow the use of the SSL protocol as well as weak TLS algorithms. Whilst the requirement applied as of the release of the new version of the standard, organisations have until June 2016 to phase out SSL and weak TLS ciphers as defined by NIST, providing a remediation plan is in place.

This document outlines the currently use of TLS within Qvalent and the remediation approach for each item and expected time line as of writing.  The information provided here is in line with the PCI Council’s recommendations documented in “Migrating from SSL and Early TLS”[1], Version 1.0 Date: April 2015.

Qvalent recognises that the weak ciphers as defined by NIST need to be removed by 30 June 2018 and has conducted a risk assessment and has developed this migration plan to manage the process.

TLSv1.0 use

TLS 1.0 is used as follows:

1. Currently TLS1.0 and 1.1 is supported in HTTPS on the Internet facing web application servers where users may enter credit card information. In addition to this Qvalent has a number of Web services exposed that are used for B2B connections to known customers. 
   1. The data being transmitted includes the PAN for payments made by customers.
   2. Number of services affected:
      1. ccapi.client.qvalent.com (192.170.86.141)
      2. www.payway.com.au (192.170.86.159)
      3. quickstream.westpac.com.au (192.170.86.173)
      4. pnpnet.qvalent.com (192.170.86.142)
      5. www.batchadvantage.qvalent.com (192.170.86.135)
      6. ssiw.qvalent.com (192.170.86.151)
      7. ws.qvalent.com (192.170.86.172)
      8. www.colbcp.westpac.com.au (192.170.86.133)
      9. settlementservice.qvalent.com (192.170.86.134)
      10. westpacinvoicefinance.qvalent.com (192.170.86.136)
      11. olp.qvalent.com (192.170.86.148)
      12. ssdw.qvalent.com (192.170.86.150)
      13. mailpr.qvalent.com (192.170.86.151)
      14. sstw.qvalent.com (192.170.86.154)
      15. ilink.westpac.com (192.170.86.167)
      16. quickstream.westpac.com.au (192.170.86.173)
      17. merchantonline.westpac.com.au (192.170.86.173)
      18. paymentsplus.westpac.com.au (192.170.86.182)
      19. quickservice.westpac.com.au (192.170.86.187)
      20. quicksuper.westpac.com.au (192.170.86.189)
      21. RDP - TLS1.0 is also enabled on the RDP service on all servers for the purposes of remote management. 
          1. No card data is transmitted. The connection is for administration purposes only.
          2. RDP sessions are only available internal to the CDE which is accessed via IPSEC VPN. 

Limitations

Qvalent has a requirement to ensure that websites and services are available and can be used by all. As a legal limitation valid payment attempts can not be denied and must be processed. This requires the use of TLS v 1.0 on these site. 

Risk  - LOW

Qvalent assessed the risk of TLS use in the current environment. 

The likelihood and the potential impact of exploitation for this vulnerability was considered and evaluated. The risk was rated as LOW based on the information available.

The USCERT rates the issue as difficult to exploit[2] and outlines the two main requirements for exploitation.  The two conditions that need to be in place are:

1. “the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input)”
2. “the attacker must have visibility of the resulting cipher text.”

Successful exploitation depends on a vulnerable server, a vulnerable client and a successful man in the middle attack (MITM) before this particular attack can be successful. 

The Internet Storm Centre, a respected source of information relating to vulnerabilities, outlines that whilst the attack is possible. It is nontrivial to execute[3].

Mitigating factors for a successful attack:

• For B2B transactions Qvalent utilises mutual authentication where by both the client and server must present a valid certificate issued to the customer by Qvalent.
• Should a MITM be attempted the attack will trigger a certificate warning on the client requiring the user to accept an invalid certificate.
• Qvalent has restricting the number of communications using the vulnerable protocols by detecting and blocking requests to downgrade to a lesser protocol version. This is enforces across all Qvalent websites and system to system using HTTPS communications channels via TLS fallback SCSV on Qvalent load balancers.
• Most browsers auto update and are no longer supporting the vulnerable ciphers needed for a successful attack. Limiting the issue to B2B connections which utilise mutual authentication of the session.
• IPS/IDS signatures have been enabled to detect attempts to downgrade connections or attempt to exploit SSL/TLS.

Recommendation:

Risk to be monitored and TLS 1.0 removed from the environment as soon as practical. 

2 Migration Plan

The migration plan follows the recommendations as outlined in the “Migrating from SSL and early TLS” document.  

1. Identify all system components and data flows relying on and/or supporting the vulnerable protocols.
1. Qvalent is examining the impact on current systems relating to TLS use and determine the impact to the environment to change. This was completed by December 31 2015.  
2. For each system component or data flow, identify the business and/or technical need for using the vulnerable protocol.
1.  Qvalent has evaluated the impact of TLS removal on business critical systems.  It has been identified that many customer systems can only support TLSv1.0. Turning off TLSv1.0 would prevent these customers from transacting with Westpac. Customers must be given fair warning before TLSv1.0 is disabled.
2.  Current known use is documented in the section “TLS use” above.
3. Immediately remove or disable all instances of vulnerable protocols that do not have a supporting business or technical need.
1. Qvalent has evaluated the systems where this can be done without adverse impact on the environment and customers.  This was completed on March 1 2016.
4. Identify technologies to replace the vulnerable protocols and document secure configurations to be implemented
1. This was completed by March 31 2016
5. Document a migration project plan outlining steps and time frames for updates
1. This document will be used to track and maintain timelines as indicated.  Progress will be reviewed monthly. Refer to here Qvalent and Westpac services disabling TLSv1.0 and TLSv1.1
6. Implement risk reduction controls to help reduce susceptibility to known exploits until the vulnerable protocols are removed from the environment.
1.  Additional IPS signatures have been enabled.
2. The service provider has been instructed to take additional care with regards to identifying TLS or SSL based attacks on the organisation.
7. Perform migrations and follow change control procedures to ensure system updates are tested and authorised.
1. Standard Change control will be used to implement any mitigation.
8. Update system configuration standards as migrations to new protocols are completed.
1. Current documentation has been updated to reflect the use of insecure protocols. 
2. Configuration standards have been updated to prohibit new deployments of TLS 1.0 and SSL.
9. Notify customers through the use of email and notifications on Qvalent websites that TLSv1.0 and TLSv1.1 is to be turned on the 9^th of Oct 2017. Monitoring the number of customers that have viewed this notification. – Done
10. Soft turn off of TLSv1.0 and TLSv1.1 from the 9^th of Oct 2017 (Done). All applications will give an error to customers if they try and process transactions using TLSv1.0 or TLSv1.1 now.
11. Turn off TLSv1.0 and TLSv1.1 at a network level. This is scheduled for the 1st of May 2018 (Done). PCI council has scheduled the 30th June 2018 as the official cutoff.
12. As of 9:10am on the 2nd May (SYD Time) TLSv1.0 and TLSv1.1 has been turned off across all Qvalent applications at a network level.

3 Customer Notification