Skip to content

Latest commit

 

History

History
46 lines (33 loc) · 2.97 KB

mitigations.md

File metadata and controls

46 lines (33 loc) · 2.97 KB

Mitigation Strategies Analysis for zeromq/zeromq4-x

Mitigation Strategy: Implement End-to-End Encryption using CURVE

  • Description:

    • Step 1: Generate CurveZMQ key pairs for each communicating peer using zmq_curve_keypair().
    • Step 2: Securely exchange public keys between authorized peers out-of-band.
    • Step 3: Configure ZeroMQ sockets with ZMQ_CURVE_SERVER on the server side and ZMQ_CURVE_PUBLICKEY, ZMQ_CURVE_SECRETKEY, and ZMQ_CURVE_SERVERKEY on the client side.
    • Step 4: Manage keys securely, including storage and rotation.
    • Step 5: Verify encrypted communication by testing message exchange.

  • List of Threats Mitigated:

    • Eavesdropping (High Severity): Interception of data in transit.
    • Man-in-the-Middle Attacks (High Severity): Interception and manipulation of communication.
    • Data Tampering (High Severity): Alteration of messages in transit.

  • Impact:

    • Eavesdropping: High Risk Reduction - CURVE encryption makes decryption infeasible without private keys.
    • Man-in-the-Middle Attacks: High Risk Reduction - CURVE authentication prevents unauthorized connection establishment.
    • Data Tampering: High Risk Reduction - Encryption ensures message integrity.

  • Currently Implemented: Yes, for backend microservices and message queue communication. Keys managed in secrets system.

  • Missing Implementation: Not fully implemented for external client communication, which currently uses application-layer TLS instead of ZeroMQ CURVE.

Mitigation Strategy: Configure Resource Limits (High Water Marks)

  • Description:

    • Step 1: Analyze message flow and rates for each ZeroMQ socket type.
    • Step 2: Set ZMQ_RCVHWM for receiver sockets (PULL, SUB) to limit queued messages in memory.
    • Step 3: Set ZMQ_SNDHWM for sender sockets (PUSH, PUB) to control messages queued for sending.
    • Step 4: Choose HWM values based on memory, message size, and acceptable message loss.
    • Step 5: Monitor message loss and adjust HWM values as needed.

  • List of Threats Mitigated:

    • Memory Exhaustion (High Severity): Unbounded message queues leading to memory overload.
    • Denial of Service (DoS) (Medium Severity): Memory exhaustion contributing to DoS.

  • Impact:

    • Memory Exhaustion: High Risk Reduction - HWM prevents uncontrolled memory growth from message backlog.
    • Denial of Service (DoS): Medium Risk Reduction - Prevents DoS caused by memory depletion.

  • Currently Implemented: Partially implemented. ZMQ_RCVHWM configured for some backend receiver sockets, but inconsistently. ZMQ_SNDHWM less frequently used.

  • Missing Implementation: Consistent ZMQ_RCVHWM and ZMQ_SNDHWM configuration across all relevant sockets. Dynamic adjustment of HWM based on load is missing.