SSL Is a Security Blind Spot

April 3, 2009, 07:00 PM —  SmoothWall — 

According to a study from Netcraft, the number of websites using SSL encryption has risen by nearly 40% in the last year, and now totals well over two million. In addition to the obvious applications (i.e. online retail, banking and gambling), SSL encryption is now increasingly used for online web logins (Hotmail and Gmail), charity donations and other payment gateway services. Some anonymizers also rely on SSL to keep surfing sessions secret.

The problem with SSL is that, despite the certificate system, not all sites that use the protocol can be automatically trusted. Organizations can end up in a tricky position if critical data is compromised via webmail accounts - or if an employee does or says something they shouldn't using an encrypted proxy network or a secure IM client like Google Talk. More risks lie in the fact that standard security solutions rarely work on encrypted traffic - so viruses can use SSL to worm their way into networks undetected. By travelling into networks via the same secure tunnels that are used for online banking, malware and other web nasties are rendered virtually invisible and can effectively sidestep security by disguising themselves as 'trusted' traffic.

Tom Newton, Product Manager at SmoothWall, says, 'Because SSL has traditionally been beyond the reach of network security systems like content filters, it has become a serious security blind spot. A much higher proportion of network traffic is now encrypted, and so SSL filtering is now an indisputably crucial component of network control.'

SSL Interception allows SSL traffic to be decrypted so it can be analyzed and the content checked for viruses and other undesirable material. One of the reasons it is rarely found in standard security systems is the processor-intensive calculations and algorithms required. Fortunately though, vendors like SmoothWall are now finding ways to incorporate SSL control without impacting performance.

SSL Interception is also an important weapon for the IT department in the ongoing fight against proxy abuse in the workplace. As more organizations embrace the productivity benefits of filtering, an equal number of their employees are learning how to use proxy tools to bypass filters so they can access their cherished Facebook accounts. Many of these bypass tools rely on SSL encryption for secret browsing and SSL Interception is the only way to accurately detect and block these technologies.

As Stewart Allen, an independent analyst and consultant, explains, 'Being able to see the Internet traffic flows in an unencrypted format strengthens anti-malware defences. SmoothWall's new SSL Intercept feature helps IT departments protect their networks from the underbelly of the Internet.'

1 Netcraft SSL Survey January 2008


Comments

Give the customers what they want - Secure environments

My thoughts are that essentially security and risk are intertwined. Both are reflections of our fear and need to protect? One without the other is pointless. Good business sense is to listen to the customer, and give them exactly what they want and nothing else is worth the risk.
Hackers have been using SSL for years, and research has shown that most customers are unable to tell whether they are at an authentic website that is using SSL encryption. Web browsers provide enough information to tell if SSL is on, but its presentation is inferior to EV SSL. “Extended Validation” certificates jump off the screen compared to SSL by displaying the company name in green to the left of the URL along with the favicon.
EV SSL is maturing and I believe we will find more and more users demanding the heightened level of protection it offers. Why? Their growing fear and risk of identity theft.

SSL...

Yeah, somewhat it's true that SSL is being used by hackers for some kind of malpractice, but still I think the SSL channel is safe for any kind of transaction, because all the packets after change cipher spec are encrypted, so there is not any hole for spoofing. OK, here the second point comes, that through this channel any virus can also travel. Yeah, it's true, but it will happen when either of the communicating parties wishes to do so; otherwise it's impossible for a "man in the middle" to insert any virus in the SSL channel. And if you trust the other party then only you should go ahead, and that you can make sure of by seeing the server certificate.... [correct me if I'm wrong]