THE MAGAZINE
Technofile: IT Security
Does SSL Lock Trouble In?
When you shop online, the padlock icon on the bottom of your screen tells you that any information you’re sending is encrypted using a protocol called Secure Socket Layer (SSL). But it may also signal dangerous traffic.
SSL traffic is all but invisible to an enterprise, according to a survey of 319 IT security and networking professionals by Blue Coat Systems. More than 72 percent said they had no way to look inside SSL traffic, a situation that nearly 90 percent of the respondents said was risky, particularly as it can pass through firewalls unseen and untouched.
Attackers—or devious employees—can be taking advantage of this blind spot. Spyware or malicious code could be transmitted from a Web site that uses SSL, or employees can use a program that allows them to use SSL to bypass corporate safeguards (such as restricted Web sites). So, employees can bring in infections, or send out confidential data, right under the IT administrator’s nose.
A number of vendors, including Blue Coat, make network appliances that manage SSL traffic and allow administrators to lock down rogue SSL applications.
@ Highlights from the survey are at SM Online.
- Login or register to post comments
- Printer-friendly version
Advertise | Subscribe | Free Product Info | Writer's Guidelines | Reprints & Permissions | Sitemap | RSS
Security Management is the award-winning publication of ASIS International, the preeminent international
organization for security professionals, with more than 38,000 members worldwide.
ASIS International, Inc. Worldwide Headquarters, 1625 Prince Street, Alexandria, Virginia 22314-2818 U.S.A.
703.519.6200 | fax 703.519.6299 | www.asisonline.org
© 2013 Security Management
This site is protected by copyright and trade mark laws under U.S. and International law.
No part of this work may be reproduced without the written permission of Security Management.
Powered by: Phase2 Technology
Comments