The Last Watchdog

on Internet security by Byron Acohido

Data thieves can use Secure Socket Layer to hide their tracks

Posted on May 28, 2010

Secure Socket Layer has long been the de facto encryption technology used for e-commerce transactions. SSL is increasingly being used in corporate settings to protect data moving inside and between corporate networks. This has turned out to be a two-edged sword. In this LastWatchdog guest post, Darrin Coulson, Senior Director of Business Development for the enterprise security products at Netronome, which supplies SSL security systems, outlines how widening use of SSL in corporate settings has given hackers yet another way to hide their tracks.

By Darrin Coulson

When consumers buy something on the Internet, do banking or look at medical information online, they trust that the data is protected and secure. This protection is delivered through encryption. Web-based applications and services use the Secure Socket Layer (SSL) to encrypt these communications when in transit over the public Internet. This method of secure communications ensures that third parties cannot eavesdrop on or tamper with the data. The data is “locked” in an encrypted state while in transit from computers to the servers in the cloud where the data is then “unlocked” – anyone who might intercept the data in-between would not be able to see what is inside.

In recent years the use of SSL encryption has moved beyond the e-commerce and banking applications into mainstream enterprise business applications such as SharePoint, Exchange, WebEx, Salesforce.com, and email applications like Google Gmail. Virtually all Internet and cloud-computing applications and services are encrypted. In some cases enterprises are reporting that 50% or more of their traffic is encrypted. Sounds safe…read on.

Hackers and criminals are now taking advantage of this. Because SSL does such a great job in creating secure communications paths for these applications, the bad guys are using it to hide their attacks aimed at penetrating the enterprise, such as malware, botnets and phishing attempts. Additionally, SSL permits intentional or accidental removal of sensitive data from the enterprise.

These types of inbound attacks and outbound leaks occur at alarming rates – many go undetected, and most remain unreported. However, several recent high-profile examples have captured the attention of IT organizations. In 2009 a highly paid Goldman Sachs employee used SSL-encrypted web communications (known as HTTPS) to bypass security systems and transfer large amounts of proprietary and sensitive data outside of the company. In another example earlier this year, Google changed its Gmail services to default to SSL encryption just one day after publicly acknowledging a coordinated Chinese cyber attack. Last week they took the desire to secure communications one step further by indicating that they would also offer encrypted versions of all Google Search results.

The challenge is that the security infrastructure put in place to protect the enterprise is also blind to the contents of the SSL-encrypted communications. This includes Intrusion Detection and Prevention (IDS/IPS), Data Loss Prevention (DLP), network forensics and firewall systems. Something as easy as a person (maliciously or not) sending sensitive information (SSN, Credit Card info) out as an attachment using a Gmail account would bypass security and logging applications put in place to guard against this. As a consequence, the same applications and services that are critical to business success are now unknowingly creating an environment for a new wave of digital thefts, loss and attacks.

In summary, the legitimate need for businesses to support encrypted communications will continue to grow. At the same time, the ability to address the new risks created by these applications and services will become a major challenge over the next few years.

About the Author

Darrin Coulson is the Senior Director of Business Development for the enterprise security products at Netronome. Darrin has 20+ years of experience within the technology industry, from networking to business video providers. Prior to Netronome he spent 5 years in the business video space serving as the Chief Operating Officer for publicly traded Sonic Foundry, where he oversaw the channels, sales, services and operations. Prior to the business video space, Darrin spent nearly 10 years at Fore Systems/Marconi, a networking hardware and services company selling high-speed networks, working alongside many of the current Netronome team members. He held several senior management positions in sales and operations. As the executive in charge of Global Services for FORE and then Marconi, he built the infrastructure to support some of the “fastest” progressive networks with leading-edge technology around the globe.
