As of the first quarter of 2017, half of all web traffic is encrypted, according to a report by the Electronic Frontier Foundation. Google is also pushing more sites to adopt HTTPS by giving HTTPS pages a ranking preference in its search results.
Unfortunately, encryption on its own is not a safeguard against current attacks: TLS protects data in transit, but it does nothing to stop attacks on weak protocol versions, and it hides malicious traffic just as effectively as legitimate traffic. A 2016 McAfee Labs Threat Report found that SSL-related attacks accounted for up to 11 percent of all cyber threats.
Vulnerability of HTTPS Sites
More SMBs and enterprises are protecting their data by encrypting network traffic. Attackers have stepped up their game in response, both by exploiting SSL/TLS vulnerabilities and by using encryption themselves.
One such attack, known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), decrypts traffic to HTTPS sites and TLS-protected email servers. It targets servers that still support SSLv2: the attacker records TLS connections between up-to-date clients and servers, then uses the SSLv2 support as an oracle to recover the secrets of those recorded sessions. A server that has itself disabled SSLv2 remains susceptible if its private key is also used on any other server (for example, a mail server or a second host sharing the same certificate) that still accepts SSLv2 connections. The practical check is therefore not whether SSLv2 is off on one host, but whether it is off on every host that holds the key.
Roughly 5.9 million HTTPS web servers support SSLv2, and another 936,000 TLS-protected email servers also still accept the obsolete protocol.
Furthermore, trojan malware that abuses encryption is also on the rise. Families such as Zbot and Vawtrak use SSL/TLS to encrypt communications between compromised endpoints and their command-and-control (C&C) servers, hiding payloads, commands and stolen data from any network control that cannot look inside the tunnel.
SSL Inspections Are Paramount
With full SSL inspection, also known as deep inspection, encrypted traffic is decrypted and scanned for malware before it is allowed through. The inspecting device terminates the client's TLS session itself: it impersonates the original server, presenting a certificate for that server's name that is signed by the firewall's own inspection CA, and decrypts the data for examination. When inspection is complete, it opens a second TLS session to the real server, impersonating the client, re-encrypts the data and forwards it to the original recipient; the reverse direction is handled the same way. For clients to accept the impersonated server certificate without warnings, the inspection CA certificate must be installed in their trust stores; applications that pin their certificates will refuse the connection regardless and have to be exempted from inspection.
Certificate inspection is a lighter measure that can complement or stand in for full inspection. It does not decrypt the payload: the device reads the server certificate and the server name (SNI) sent in the handshake, verifies the identity of the web server, and uses the name to enforce web filtering so that HTTPS cannot be used to reach blocked sites. Because it never sees the payload, it cannot find malware inside the tunnel.
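The impersonation step above is easiest to see in code. The following Go program is an added example written for this page, not FortiGate code or any vendor's implementation: it stands up a private inspection CA, constructs a stand-in for the origin server's certificate (self-signed here so the example runs offline), mints a certificate for the same host name signed by the inspection CA, and then verifies that certificate the way two clients would, one with the CA installed in its trust store and one without. The CA name, the host name www.example.com and the validity periods are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// InspectionCA is the private CA the firewall uses to sign the certificates
// it presents to clients in place of the real server's.
type InspectionCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue generates a key, fills in a random serial and signs template with the
// parent's key (self-signed when parent is nil).
func issue(template, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if template.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127)); err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, signer = template, key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewInspectionCA creates the firewall's self-signed CA (subject name assumed).
func NewInspectionCA() (*InspectionCA, error) {
	cert, key, err := issue(&x509.Certificate{
		Subject:               pkix.Name{CommonName: "Example Corp TLS Inspection CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	return &InspectionCA{Cert: cert, Key: key}, nil
}

// OriginServerCert stands in for the certificate the real server sends the
// firewall; it is constructed (self-signed) here so the example runs offline.
func OriginServerCert(host string) (*x509.Certificate, error) {
	cert, _, err := issue(&x509.Certificate{
		Subject:   pkix.Name{CommonName: host},
		DNSNames:  []string{host},
		NotBefore: time.Now().Add(-time.Hour),
		NotAfter:  time.Now().Add(90 * 24 * time.Hour),
	}, nil, nil)
	return cert, err
}

// MintLeaf is the impersonation step: a fresh certificate signed by the
// inspection CA that copies the origin's names and validity, so the client
// sees the host it asked for. The real server's private key is never involved.
func (ca *InspectionCA) MintLeaf(origin *x509.Certificate) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return issue(&x509.Certificate{
		Subject:     origin.Subject,
		DNSNames:    origin.DNSNames,
		NotBefore:   origin.NotBefore,
		NotAfter:    origin.NotAfter,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca.Cert, ca.Key)
}

// VerifyAs checks the minted certificate as a client would, against that
// client's root store and the host name it connected to.
func VerifyAs(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	ca, err := NewInspectionCA()
	if err != nil {
		panic(err)
	}
	origin, err := OriginServerCert("www.example.com")
	if err != nil {
		panic(err)
	}
	leaf, _, err := ca.MintLeaf(origin)
	if err != nil {
		panic(err)
	}
	managed := x509.NewCertPool() // endpoint with the inspection CA deployed
	managed.AddCert(ca.Cert)
	fmt.Println("managed:", VerifyAs(leaf, managed, "www.example.com"), "| unmanaged:", VerifyAs(leaf, x509.NewCertPool(), "www.example.com"))
}
```

The unmanaged client rejects the minted certificate with an unknown-authority error, which is what users see as a browser warning when the inspection CA has not been pushed to their devices. A pinning application rejects it regardless of what is in the trust store, which is why such applications have to be exempted from inspection rather than forced through it.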
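Certificate inspection works because the host name is visible before any payload is encrypted: the client sends it in the server_name (SNI) extension of its ClientHello. The following Go program is an added example written for this page, not vendor code: it uses Go's own TLS client to produce a real ClientHello for an assumed host name, parses the SNI out of the handshake with bounds checks on every length field, and applies a hypothetical block-list policy to the result. The host names mail.blocked.example and blocked.example are constructed for the demonstration.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"strings"
)

// captureClientHello drives Go's own TLS client over an in-memory pipe, so the
// example inspects a genuine ClientHello without network access. It returns
// the handshake message with the 5-byte record header stripped.
func captureClientHello(serverName string) ([]byte, error) {
	clientSide, serverSide := net.Pipe()
	defer serverSide.Close()
	go func() {
		c := tls.Client(clientSide, &tls.Config{ServerName: serverName, InsecureSkipVerify: true})
		_ = c.Handshake() // fails once serverSide closes; only the first flight is needed
		clientSide.Close()
	}()
	hdr := make([]byte, 5) // record header: content type (22 = handshake), version, length
	if _, err := io.ReadFull(serverSide, hdr); err != nil || hdr[0] != 22 {
		return nil, fmt.Errorf("expected a handshake record (err=%v)", err)
	}
	body := make([]byte, int(hdr[3])<<8|int(hdr[4]))
	_, err := io.ReadFull(serverSide, body)
	return body, err
}

// cursor is a bounds-checked reader over TLS wire structures. An overrun
// poisons it: later reads return zero values and length-driven loops end.
type cursor struct {
	b   []byte
	bad bool
}

func (c *cursor) take(n int) []byte {
	if c.bad || len(c.b) < n {
		c.bad, c.b = true, nil
		return nil
	}
	v := c.b[:n]
	c.b = c.b[n:]
	return v
}

// uint reads a big-endian integer width bytes wide; vec a vector with a width-byte length prefix.
func (c *cursor) uint(width int) (n int) {
	for _, x := range c.take(width) {
		n = n<<8 | int(x)
	}
	return n
}

func (c *cursor) vec(width int) []byte { return c.take(c.uint(width)) }
var errMalformed = errors.New("malformed ClientHello")

// ParseSNI walks a ClientHello (RFC 8446 section 4.1.2) and returns the host
// name in its server_name extension (RFC 6066), or "" if the client sent none.
func ParseSNI(msg []byte) (string, error) {
	hs := &cursor{b: msg}
	if hs.uint(1) != 1 { // handshake type 1 = client_hello
		return "", errors.New("not a ClientHello")
	}
	c := &cursor{b: hs.vec(3)}
	c.take(2 + 32) // legacy_version + random
	c.vec(1)       // legacy_session_id
	c.vec(2)       // cipher_suites
	c.vec(1)       // legacy_compression_methods
	if len(c.b) == 0 && !c.bad {
		return "", nil // no extensions block at all, so no SNI
	}
	exts := &cursor{b: c.vec(2)}
	for len(exts.b) > 0 {
		typ, data := exts.uint(2), exts.vec(2)
		if typ != 0 || exts.bad { // extension type 0 = server_name
			continue
		}
		ext := &cursor{b: data}
		names := &cursor{b: ext.vec(2)}               // ServerNameList
		nameType, name := names.uint(1), names.vec(2) // its first ServerName entry
		if ext.bad || names.bad || nameType != 0 {    // name_type 0 (host_name) is the only one defined
			return "", errMalformed
		}
		return string(name), nil
	}
	if hs.bad || c.bad || exts.bad {
		return "", errMalformed
	}
	return "", nil
}

func main() {
	hello, err := captureClientHello("mail.blocked.example") // constructed client for the demo
	sni, perr := ParseSNI(hello)
	blocked := sni == "blocked.example" || strings.HasSuffix(sni, ".blocked.example")
	fmt.Printf("capture=%v parse=%v SNI=%q blocked=%v\n", err, perr, sni, blocked)
}
```

Two caveats a practitioner should keep in mind: a client that sends no SNI, or one that encrypts its ClientHello, gives this mode nothing to filter on, and the names in the server's certificate are then the only fallback; and a malformed ClientHello should be rejected rather than parsed optimistically, which is why every length field here is bounds-checked instead of trusted.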
Encryption Best Practices
Full SSL deep inspection does have drawbacks. Because every inspected session is decrypted, scanned and re-encrypted, it adds latency and consumes firewall CPU, and it can significantly reduce throughput. You can minimize the slowdown by implementing the following:
- Understand your traffic. Know how much traffic you are handling at any given time and how much of it is encrypted. You may also want to reduce the number of policies that permit encrypted traffic.
- Be selective with inspections. Apply full SSL inspection only where it is needed, using exemption lists (white lists) or a narrower policy. Destinations that must not be decrypted, such as banking and healthcare sites, and applications that pin their certificates are the usual candidates for exemption.
- Use hardware acceleration. Some security appliances include a dedicated SSL/TLS processor that offloads decryption and re-encryption from the main CPU. Consider this form of hardware acceleration as an add-on.
- Test the inspection yourself. Don't enable full inspection everywhere at once. Use your security system's policy flexibility to roll inspection out gradually, starting with a small set of users or destinations, and watch for broken applications and certificate errors as you expand.
The threat landscape is ever changing; encryption alone is a narrow line of defense, and one that attackers now use for cover as readily as defenders use it for protection. Without an up-to-date firewall, both security and performance are at risk.
FortiGate 7060E represents the next evolutionary step of network and server protection, providing a seven-layer security solution that covers full SSL inspections. This next-generation firewall is powered by 100 Gbps NGFW throughput for consistent threat intelligence analysis—all without compromising everyday performance.
A partner of Fortinet, NCA is a leading information security consulting firm with successful experience delivering the security and performance advantages of advanced FortiGate firewall technology. Contact us to learn how we can help you optimize data encryption at your organization.