Find Hidden Threats in SSL Traffic With SSL Inspection
Enforcing SSL connections is one of the most basic security measures you can implement. By using SSL, you ensure that no one snooping on the network is able to read the traffic.
However, while using SSL keeps others from reading messages sent to you, it doesn’t mean the messages are safe for you to read. Encrypted messages can still include dangerous malware. SSL inspection intercepts encrypted messages intended for you and verifies their contents before they’re delivered to the recipient, but this introduces some security challenges of its own.
Potential Risks of SSL Inspection
The biggest potential risk of SSL inspection is that it’s implemented incorrectly. SSL inspection largely depends on validating the certificates associated with the traffic. Browsers do this all the time, but other applications don’t always handle the certificates properly. When researchers investigate SSL inspection tools, they often find that the tools don’t use the latest cryptography. Certificates are often validated incompletely.
SSL inspection is essentially a man-in-the-middle attack, albeit one by an authorized product. The inspection application sits between the sender and the ultimate recipient, and each talks directly only to the inspection application in the middle. When the ultimate client receives the message, it’s only able to validate the connection to the man in the middle, not to the message originator. Because SSL inspectors are often incomplete in their process, the recipients remain vulnerable.
In addition, even when the SSL inspection correctly identifies a certificate as invalid, this information isn’t always properly passed on to the message’s recipient. That means the receiving application can’t give the user correct information to let them know how to handle the error. In some cases, the SSL inspector attempts to inform users of the error by generating HTML, but this doesn’t work if the content is sent to another application rather than a person. Sometimes a warning is generated but the request is still sent on for the server to process.
Finally, the SSL inspection process delays traffic before it is delivered. For most applications this won’t have an impact; for others, there may be a measurable effect on performance.
Mitigating SSL Inspection Risks
Despite those problems, SSL inspection is still an important security control that protects your data. Choose SSL inspection software that can demonstrate the completeness and effectiveness of its certificate validity checks and how the results are communicated. Use SSL inspection selectively, only where it adds real value.
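One way to check how an inspector handles certificate errors is to connect, from a client behind it, to test servers whose certificates are known to be valid or invalid, and classify what the client actually sees. The following is an added example, not code from this article or from any inspection product. The host names, the inspection CA name, and the verdict labels are hypothetical, and the sample results are constructed.

```python
import socket
import ssl

def probe(host, port=443, cafile=None, timeout=5.0):
    """Fully validated handshake. Returns (True, issuer CN seen) or (False, error text)."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: bundle that includes the inspection CA
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, issuer.get("commonName", "")
    except OSError as exc:  # ssl.SSLError and socket errors are OSError subclasses
        return False, str(exc)

def assess(upstream_valid, ok, detail, inspection_ca_cn):
    """Classify one probe result against what the origin server really presented."""
    resigned = ok and detail == inspection_ca_cn
    if not upstream_valid:
        if resigned:
            return "MASKED"      # invalid origin cert re-signed: client cannot see the error
        return "UNEXPECTED" if ok else "BLOCKED"
    if not ok:
        return "BROKEN"          # valid origin unreachable through the inspector
    return "INSPECTED" if resigned else "BYPASSED"

def audit(results, inspection_ca_cn):
    """results: iterable of (host, upstream_valid, ok, detail). Returns {host: verdict}."""
    return {h: assess(v, ok, d, inspection_ca_cn) for h, v, ok, d in results}

# Constructed sample results (hypothetical hosts and CA name), shaped like probe() output.
CA_CN = "Example Inspection CA"
SAMPLE = [
    ("valid.test.example", True, True, CA_CN),
    ("expired.test.example", False, False, "certificate verify failed: certificate has expired"),
    ("selfsigned.test.example", False, True, CA_CN),
    ("pinned-app.test.example", True, True, "Public CA R1"),
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE, CA_CN).items():
        print(f"{host:28} {verdict}")
```

A `MASKED` verdict is the failure described above: the client validates only the inspector's certificate, so an invalid origin certificate goes unnoticed. To audit a real deployment, build the result list from `probe()` calls against test servers you control.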
Lastly, don’t rely on SSL inspection or any other single security application to protect your data. You need a comprehensive cybersecurity strategy that uses SSL inspection along with firewalls, antivirus software, data loss prevention software, and other controls to provide high levels of protection.
Prescient Solutions develops, implements, and supports complete cybersecurity solutions. Our experts are certified in the leading security products. We have provided IT consulting and managed services in the Chicago and Schaumburg areas for more than 20 years. Contact us to learn how to incorporate SSL inspection into your information security strategy.