The world of Secure Sockets Layer (SSL) can be hard to understand, but understanding it is crucial to network security. As recent breaches have shown, it remains all too easy for savvy attackers to hack into networks seemingly protected by SSL. A weak or misconfigured SSL is at the core of many of these exploits; hackers know those weaknesses and use them to steal traffic and pilfer sensitive data.
In this webcast, Rob Shapland introduces the topic of SSL and explains in depth the concepts of SSL certificates and certificate authorities. He then looks at ways of capturing plain-text traffic as well as SSL-encrypted traffic, and shows how easily an attacker can grab data as it travels across seemingly secure network wires.
Shapland describes the specific methods hackers use to exploit SSL -- and how you can defend against these attacks. He also focuses on a variety of relevant subtopics, including the following:
· Attacks against SSL, including sslstrip;
· Weaknesses of SSL 2, and poorly constructed encryption ciphers; and
· Attacks against certificates "ripped from the headlines" and the recent BEAST and CRIME attacks.