I understand SSL Web browsers can serve as vectors for malware. Can you explain how that works and how we can prevent...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
malware from infiltrating a network via SSL traffic?
Ask the Expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Web browsers have included support for the Secure Sockets Layer (SSL) protocol, which is a method for encrypting data, since Netscape introduced SSL v2.0 in 1996. Other protocols typically use it to encrypt the contents of the traffic, such as malware content being served over a HTTPS connection to a Web browser. This encryption protects the privacy and security for users, but in the case of malware, it prevents network inspection tools from analyzing the contents of the network for malware. Smart attackers encrypt their communications, using HTTPS to hide their traffic from detection. That malware is transmitted over HTTPS to a Web browser on an endpoint that does not indicate any issues with HTTPS, identify SSL malware per se, or any other SSL security issues, but only identifies an issue with the security of the endpoint and network security controls in place.
I have discussed Web browser security controls for endpoints in previous questions, but there are some network security controls that prevent malware from infiltrating via SSL-encrypted traffic. Most signature-based network security tools cannot identify malware in a HTTPS connection, but a Web proxy with SSL inspection functionality could be used to analyze the content for malware. Behavioral-based network security tools do not have this same limitation. You could also use IP or DNS-based blacklists to prohibit websites that host malware, but this might block legitimate Web traffic.
Dig Deeper on IPv6 security and network protocols security
Related Q&A from Nick Lewis
USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and ...continue reading
Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how ...continue reading
The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.