More of the web is encrypted today than ever before. Use of SSL certificates is on the rise and with good reason. Concerns over user and data privacy are a large part of the push to an encrypted web. The good news is that encrypted web traffic does in fact make snooping a lot harder to do. The bad news is that writers of malicious software have also picked up on the trend, making malware detection and web usage compliance much harder for system and network admins alike.
The EFF reports that last year two major PC manufacturers were caught shipping PCs with compromised trusted root certificates pre-installed. Because of how those certificates were installed, their private keys were easily exportable by anyone owning one of these PCs, and they quickly fell into the wrong hands. Once obtained, those private keys were used in widespread phishing and man-in-the-middle attacks around the world. Since those certificates were already trusted, any wrong click could have landed the user at a completely valid and secure website under the control of a hacker. Without thorough examination of the site, the victim would be none the wiser, as the website they landed on would be proudly displaying the green certificate seal we’ve all come to look for when browsing the web. Mis-issuance problems were discovered as well. One major certificate authority (or CA for short) was found to have been illegitimately issuing certificates for organizations other than the ones who originally requested the certificates. This breaks a very fundamental trust model that should be in place protecting the web and its users.
Provided the OS hasn’t had its certificate store hijacked, secure web connections are obscured from prying eyes, but also from the very systems responsible for protecting critical networks today. Encrypted traffic such as SSL traffic (now called TLS) is so common today that it can’t simply be blocked at the perimeter, or many legitimate websites will cease to function. However, letting it pass means a large portion of your users' web traffic cannot be properly assessed by a security appliance such as an IDS/IPS or Next-Gen firewall. So what can be done to peer into these secure connections to validate that they don’t contain malware? That’s where SSL decryption comes into play. By intercepting and decrypting HTTPS connections, network visibility can be restored, and the once dark, encrypted web sessions can be assessed for content before being allowed to pass to end users and critical systems. Sessions carrying potentially sensitive information, such as those to online banking websites, can be configured to bypass decryption, keeping personal information secure.
SSL decryption solutions range from all-in-one, firewall-integrated products to dedicated hardware and virtual appliances, to suit a wide range of network sizes and demands. Don’t leave these potentially dangerous blind spots on your network. Talk to us today about an SSL decryption and Next-Gen security solution for your business network.