Common Misunderstandings about SSL Encryption: Separating Fact from Fiction

July 2017 by Mohammed Al-Moneer, Regional Director, MENA at A10 Networks

The amount of Internet traffic secured via SSL encryption is surging to new
heights every day - it’s estimated that nearly 70 percent of all web traffic
uses SSL encryption and 86 percent of that uses advanced encryption
methods like Elliptic Curve Cryptography (ECC) and
Perfect Forward Secrecy (PFS).

On top of that, when you consider the massive growth in Internet of Things
(IoT) devices coming onto the network that are also beginning to require fast
processing of encrypted traffic, it’s no wonder businesses are concerned about a
potential "encryption crisis" that vendors are struggling to address. To this
point, research and analyst firm IHS Technology
(https://cdn.ihs.com/www/pdf/enabling-IOT.pdf) estimates that the
number of IoT devices could spike to 30.7 billion in the next three years, and
cautions that those devices should leverage secure communication methods such as
encryption.

Despite the potential blind spots introduced by encrypted traffic, which makes
it harder to detect malware and other cyber threats, some companies elect to go
without the ability to inspect this encrypted SSL traffic at all. Why? Because
there are a host of misperceptions regarding SSL-encrypted traffic.

Here, we separate fact from fiction and share a few common SSL misperceptions
and the reality.

SSL is complicated, slow, requires many resources to inspect and introduces new
risks for networks.

Actually, these days, it’s possible for SSL processors to
reach speeds as fast as 44,000 SSL connections per second
(CPS) for 128B file sizes. And by using application delivery
and server load balancing technology, you can offload the
compute-intensive SSL/TLS processing from web servers for faster
processing of SSL traffic.

We don’t expect any increases in overall SSL traffic.

Some customers claim that
as they’re transitioning to using traffic-heavy applications such as Office 365,
their SSL traffic nearly doubled. Introducing new business tools requires a
better understanding of new demands on your network - and an even greater need
to inspect the traffic that’s coming into your network. And when you consider
the need to address the swell of traffic generated by IoT devices that come in
close proximity to your business, you add an even greater need to swiftly and
securely process this traffic.

I already know what’s happening with our network traffic.

In reality, many IT
professionals don’t realize how much encrypted traffic is on their network until
they actually install SSL/TLS encryption solutions - especially those that
support protocols other than HTTPS and can detect SSL/TLS on non-standard ports.
SSL/TLS encryption in high-throughput, high-connection-rate scenarios can give
enterprises assurance with their email platforms that can effectively become a
"ransomware killer."

I already have an encryption solution, so I don’t need a dedicated appliance.

While it’s true that many all-in-one solutions can process encrypted traffic,
there is often an SSL performance tax associated with them. Can you sacrifice
security for performance, or vice versa? Having a dedicated appliance for SSL
encryption takes the processing demands off your other appliances, meaning you
don’t suffer the SSL performance hit.

All we have to do is block access to unsavory websites and we’re safe.

There are
numerous examples of legitimate websites being exploited, cross-site scripting
and malware - in the form of adware. All of this is prevalent in websites that
employees visit during normal daily activity. On top of that, you also have to
factor in all the added risks mobile workers bring into secured perimeters - or
simply office employees with mobile devices that include apps with weak security
that can introduce malware to the corporate network. Bad traffic doesn’t come
from unsavory websites alone. It’s important to have an encryption solution
that protects your network from all angles.

