Friday, February 14, 2014

WebSockets and Security Infrastructure

WebSockets are new and very cool. If you're not familiar with them, Wikipedia (as always) has a pretty good article.

Working on a WebSocket test app recently, I had a connection that kept on failing.






A thought occurred to me, so I switched to wss from ws, causing my traffic to be encrypted. My company doesn't currently decrypt any SSL traffic on our security appliances, so this effectively turned my socket into a black box to my proxy, IPS, and firewall. That worked.

I ran a query on our proxy and sure enough, there was the traffic for both requests.



I decided to look on the external firewall.



Only the SSL traffic was showing up here. So something (proxy, IPS, internal firewall, or external firewall) was knocking down the unencrypted socket traffic.

For the record, I'm aware that it's better to decrypt/recrypt SSL traffic on your proxy. Chalk it up to a mixture of old technology and budget concerns. You work with what you have.

Lessons learned here:

WebSockets are cool, but might get stopped by your internal security infrastructure.

If encrypting the traffic resolves the issue, you've just discovered a security hole in your environment.