SSL security leaves loophole for hackers

Many firms are unknowingly allowing hackers to send malicious code into their networks via Secure Sockets Layer (SSL) encrypted links because it cannot be detected by most intrusion detection systems (IDSs), according to a leading web application security vendor.

Marc Shinbrood, chief executive of Breach Security, told IT Week that because IDSs can only read clear text HTTP traffic, there is a blind spot that firms need to eliminate by installing tools to decrypt SSL traffic as it arrives and then pass it on to be inspected.

"Hackers have been using SSL for years," said Shinbrood. "But the amount of encrypted traffic over the last few years has increased to around 50 percent [of all network traffic], so it has become more of an issue."

SSL security leaves loophole for hackers - IT Week

Linked by shanmuga Thursday, 10th August 2006 2:46AM