PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
September 2017, Vol. 19, No. 7

HTTPS interception gets a bad rap; now what?

In March, the United States Computer Emergency Readiness Team issued an Alert (TA-17-075A) notifying security managers that "HTTPS Interception Weakens TLS Security." Secure internet communications that adhere to privacy and data protection standards may mean that enterprises continue to have a blind spot when it comes to encrypted traffic. To detect malicious software or illegal user activities, network security gateways with HTTPS inspection have provided companies with a way to monitor inbound and outbound internet traffic that Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protects. But interception of TLS connections by firewalls, antivirus products and other security tools can introduce vulnerabilities that companies generally remain unaware of, according to researchers. "To put it bluntly, this is not good," said Johna Till Johnson, CEO and founder of Nemertes Research, in an April 2017 blog that looked at the issue. "There's really no point in deploying security products and protocols if you ...

Features in this issue

Columns in this issue