Access your Pro+ Content below.
HTTPS interception gets a bad rap; now what?
This article is part of the Information Security magazine issue of September 2017, Vol. 19, No. 7
In March, the United States Computer Emergency Readiness Team issued an Alert (TA-17-075A) notifying security managers that "HTTPS Interception Weakens TLS Security." Secure internet communications that adhere to privacy and data protection standards may mean that enterprises continue to have a blind spot when it comes to encrypted traffic. To detect malicious software or illegal user activities, network security gateways with HTTPS inspection have provided companies with a way to monitor inbound and outbound internet traffic that Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protects. But interception of TLS connections by firewalls, antivirus products and other security tools can introduce vulnerabilities that companies generally remain unaware of, according to researchers. "To put it bluntly, this is not good," said Johna Till Johnson, CEO and founder of Nemertes Research, in an April 2017 blog that looked at the issue. "There's really no point in deploying security products and protocols if you ...
Access this PRO+ Content for Free!
Features in this issue
Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it.
With years of cybersecurity and military IT experience, the District of Columbia's first information security officer brings a well-developed toolkit to the job.
A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission.
Columns in this issue
Security is a hot topic for media outlets that report on stock markets as companies founder on corporate earnings. The financial fallout of global malware is a call to action.
The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider.