SSL is a Security Blind spot

SmoothWall – According to study from Netcraft, the number of websites using SSL encryption has risen by nearly 40% in the last year, and now totals well over two million. In addition to the obvious applications (i.e. online retail, banking and gambling) SSL encryption is now being increasingly used for online web logins (Hotmail and gmail) charity donations and other payment gateway services. Some anonymizers also rely on SSL to keep surfing sessions secret.

The problem with SSL is that despite the certificate system, not all sites that use the protocol can be automatically trusted. Organizations can end up in a tricky position if critical data is compromised via webmail accounts ' or if an employee does or says something they shouldn't using an encrypted proxy network or a secure IM client like GoogleTalk. More risks lie in the fact that standard security solutions rarely work on encrypted traffic - so viruses can use SSL to worm their way into networks undetected. By travelling into networks via the same secure tunnels that are used for online banking, malware and other web nasties are rendered virtually invisible and can effectively sidestep security by disguising themselves as 'trusted' traffic.

Tom Newton, Product Manager at SmoothWall says 'Because SSL has traditionally been beyond the reach of network security systems like content filters; it has become a serious security blind spot. A much higher proportion of network traffic is now encrypted, and so SSL filtering is now an indisputably crucial component of network control.'

SSL Interception allows SSL traffic to be decrypted so it can be analyzed and the content checked for viruses and other undesirable material. One of the reasons it is rarely found in standard security systems is because of the processor-intensive calculations and algorithms required. Fortunately though, vendors like SmoothWall are now finding ways to incorporate SSL control ' without impacting performance.

SSL Interception is also an important weapon for the IT department in the ongoing fight against proxy abuse in the workplace. As more organizations embrace the productivity benefits of filtering, an equal number of their employees are learning how to use proxy tools to bypass filters so they can access their cherished Facebook accounts. Many of these bypass tools rely on SSL encryption for secret browsing and SSL Interception is the only way to accurately detect and block these technologies.

As Stewart Allen, an independent analyst and consultant explains, 'Being able to see the Internet traffic flows in an unencrypted format strengthens anti-malware defences. SmoothWall's new SSL Intercept feature helps IT departments protect their networks from the underbelly of the Internet.'

1 Netcraft SSL Survey January 2008

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies