Don’t Let Your Network Security Tools Undermine Your Network Security

Information security is so important we layer tools on top of tools, hoping they work together and offer increased protection of our data. Often, that works. But sometimes the increased complexity of using so many tools creates new security problems. That’s the case with SSL inspection tools.

SSL Is the Foundation of Cybersecurity

SSL/TLS is one of the most basic security measures we can take, ensuring that data is encrypted during communication. The encryption ensures that the content of a message is protected from unauthorized readers. But the use of encryption also means that security tools can’t see what’s inside network traffic in order to protect your network from malicious software.

That’s a problem, because bad actors can exploit encryption to hide malware and conceal data theft. Infected messages can come through standard ports and, because they arrive over SSL, appear trustworthy to users and browsers. SSL and HTTPS don’t protect websites from attacks; they simply mean the attack arrives via an encrypted channel.

SSL Inspection Tools Introduce Risk

The approach many organizations take to counter this is to use SSL inspectors to get visibility into the encrypted traffic on their networks. The SSL/TLS inspector is able to decrypt both inbound and outbound messages and direct the cleartext to network gateways and tools such as intrusion prevention systems for analysis.

While these tools provide a critical function in securing data, they introduce their own risks, as found by CERT, the US Computer Emergency Readiness Team. For the SSL inspection tools to work, they step in between the system sending the message and the system receiving the message, creating their own connection that allows them to validate the content. To both the sender and receiver, the SSL inspection tool acts as if it is one end of the communication.

Since SSL relies on digital certificates to encrypt messages, the inspection tool must decrypt the message it receives and substitute its own digital certificate in place of the actual end system’s certificate. To ensure the security of the process, the SSL tool must validate the certificates it receives.

Unfortunately, CERT found that many of the tools do not do this validation properly. If the SSL inspection tool weren’t in the middle, the user’s browser would validate the certificate; all major browsers do this validation reliably. But because of the SSL inspection, the original certificate never reaches the end user’s browser; it has been replaced by the tool’s own certificate. As a result, users are left unaware of problems with certificates and the site they are communicating with.

In some cases, the problem results from default configuration settings that were never updated, so the resolution requires understanding the tool’s parameters and changing them accordingly. Other products may need to be upgraded or replaced.

If you haven’t updated your SSL inspection tools, do it now. You can use the website badssl.com to check if your inspection tool is validating certificates properly. Or contact Prescient Solutions for a full review of your network security. Our team of experts will evaluate your infrastructure to assess your vulnerabilities and design a cybersecurity strategy that ensures your layers of tools work together effectively to boost your security rather than undermining it.
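One way to run the badssl.com check from a workstation behind the inspection tool, as an added example (not code from this article or from badssl.com). It assumes the inspection tool's CA is installed in the trust store Python uses; the host list is a subset of badssl.com's test subdomains, and the function names are illustrative.

```python
import socket
import ssl

# badssl.com hosts that deliberately serve a broken certificate.
BAD_HOSTS = [
    "expired.badssl.com",
    "wrong.host.badssl.com",
    "self-signed.badssl.com",
    "untrusted-root.badssl.com",
]

def probe(host, port=443, timeout=5.0):
    """Handshake with full validation. Returns (accepted, detail)."""
    ctx = ssl.create_default_context()  # checks chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message
    except OSError as exc:  # DNS failure, reset, timeout, other TLS error
        return None, str(exc)

def verdict(accepted):
    if accepted is True:
        # A known-bad upstream certificate reached the client as a trusted one,
        # so something in the path re-signed it without validating it.
        return "BAD CERT ACCEPTED"
    if accepted is False:
        return "REJECTED"
    return "INCONCLUSIVE"

def audit(hosts=BAD_HOSTS, prober=probe):
    """Map each host to (verdict, detail). prober is injectable for testing."""
    results = {}
    for host in hosts:
        accepted, detail = prober(host)
        results[host] = (verdict(accepted), detail)
    return results

if __name__ == "__main__":
    for host, (result, detail) in audit().items():
        print(f"{host:28} {result:18} {detail}")
```

For any BAD CERT ACCEPTED line, the detail column shows the issuer of the certificate the client actually saw. If the tool serves a block page under its own certificate the handshake also succeeds, so confirm such results in a browser.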

Additional Network Security Resources

Microsegmentation Has A Major Impact On Your Network Security

Protecting Your Network Begins With Controlling the Devices that Connect to It
