Protecting Your Network Against Risky SSL Traffic


ABSTRACT

Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure Sockets Layer (SSL), a transport layer encryption protocol that protects data against unauthorised access. In this manner, the financial information submitted during an online banking session is protected as it is sent from the user's client to the bank's server. However, not all of the content that's encrypted with SSL is benign. The content may be illegal, inappropriate or infected with malware and other threats that can harm the organisation's network, and without visibility into SSL-encrypted traffic, how can you protect the network against these threats? The purpose of this white paper is to help you understand the threats associated with SSL traffic and how to protect your network against them using Web content filtering.

INTRODUCTION

Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure Sockets Layer (SSL), a transport layer encryption protocol that protects data against unauthorised access. In this manner, the financial information submitted during an online banking session is protected as it is sent from the user's client to the bank's server. But this is just one example. According to Palo Alto Networks' Application Usage and Risk Report, more than 40% of the 1,042 applications that were identified on enterprise networks in the study can use SSL or hop ports [1].

In most organisations, traffic flowing through network port 443, the designated port for SSL traffic, passes freely in and out of the network. The IT organisation lacks the ability to inspect and control SSL-encrypted traffic. And this is a problem. Not all of the content that's encrypted with SSL is benign. The content may be illegal, inappropriate or infected with malware and other threats that can harm the organisation's network. Without visibility into SSL-encrypted traffic, IT lacks the ability to protect the network against these threats. And while SSL-encrypted traffic is increasing, so are the threats it is transmitting.

The purpose of this white paper is to help you understand the threats associated with SSL traffic and how to protect your network against them using Web content filtering.

UPTAKE IN SSL TRAFFIC

SSL offers a significant benefit to Web users and developers: it is a simple way to authenticate Web sites and Web servers, and protect sensitive data. As a result, SSL has made it safe for Web users to buy merchandise, file tax returns, pay bills, view medical records, order prescriptions, renew a driver's license and more, all from the comforts of home or office desk.
As we become more aware of the security risks involved in sending sensitive data online, be it intellectual property or personal information, we are becoming increasingly dependent upon SSL to provide protection. Thus, SSL traffic is increasing faster than ever before.

Perhaps the most notable contributor to SSL traffic is cloud computing services. Public cloud service providers such as Salesforce.com and Google Apps use SSL to encrypt traffic as it travels to and from their servers in the cloud. Thus, corporate assets are protected as they are sent over the public network to and from these applications. We are not here to discuss the merits of cloud computing, but one thing is certain: its growth, and thereby the increase in SSL traffic, has no end in sight.

More recently, security researchers have discovered that intermittent use of SSL (for example, to encrypt the authentication process when a user logs in to a Web site, but not to encrypt subsequent pages rendered during the user's session) leaves the user and network vulnerable to Web threats. This has led to the rise of Always On SSL and therefore an increase in SSL traffic. The idea behind Always On SSL is that SSL is used across an entire Web site so that users and networks are protected during the entire course of the visit. The Online Trust Alliance [2] has asked security, business and interactive advertising communities to adopt Always On SSL, and many are doing so. Twitter offers Always On SSL, as well as Google and Firefox (through an extension to the Firefox browser).

Enterprises themselves are also adding to the amount of SSL traffic traversing the Web. SSL offers an easy way to encrypt traffic leaving the network to provide data security between remote locations, remote workers and mobile devices. Some enterprises use SSL to protect sensitive information even if it is staying on the corporate network.
For example, it might be used to protect personally identifiable information sent between human resources and other departments.

THREATS ASSOCIATED WITH SSL

Ironically, even as we grow more and more dependent on SSL for protection, it is capable of harboring threats that put corporate networks at risk. Just as SSL hides sensitive data from the bad guys, it can also hide bad stuff from the good guys; i.e., your IT organisation. SSL can be used to hide malware-infected Web pages, inappropriate content (like gambling sites and pornography), and non-business content (like Facebook and Twitter), all of which threaten employee productivity and impact your bottom line. Let's take a closer look at each of these threats.

Of the Web sites that are used to spread malware or launch attacks against users, 90% are legitimate [3]. That means hackers are taking known and trusted Web sites, like your users' favourite e-commerce sites, for example, and exploiting vulnerabilities within the code to infect the sites with malware. The malware infections are then hidden from security controls on the user's computing device and the corporate network because the Web page is encrypted with SSL. This is low-hanging fruit for hackers. Users already trust these sites because they have a relationship with the bank or retailer, and their data is being transmitted with the protection of SSL. What's not to trust? But the malware poses a significant risk to your users, their endpoint devices, your network and, in extreme circumstances, the reputation of your organisation.

For example, spyware is a class of malware that self-installs on a computer without the user's knowledge. Spyware can infect a system through security holes in a Web browser. Once on the user's computer, it then collects sensitive information, such as the user's browsing habits, logins and passwords. This information is sent back to a hacker's server and can be encrypted with SSL as well so that it passes through the corporate network undetected.

Phishing attacks are similar in that they collect the user's sensitive information and send the encrypted data to the hacker's server. However, in this case, users willingly divulge sensitive information. Phishing attacks often come in the form of a legitimate-looking email or Web page from an online entity with whom the user does business. For example, it might be an email seemingly from an online auction service prompting the user to log in and update his/her credit card information. When the user submits the sensitive financial information, it is actually sent to the hacker, not the business the message purported to be from.

SSL can also be used to hide content that users have no need for in the workplace.
Individual social media sites like Facebook and Twitter, for example, offer users the option to select Always On SSL. Web-based email services such as Yahoo and Gmail also employ SSL. These Web sites pose a threat to employee productivity. Independent studies show that on average the standard employee wastes more than 2 hours per day browsing non-business related Web sites [4]. At the end of a week, your organisation has paid each employee a full day's salary to surf the Web.

There are other sites which are not only a misuse of resources for personal purposes, but that are completely inappropriate for the workplace or education establishment. Gambling, pornography, and discriminatory sites have no place and, in fact, they can put your business at risk of legal action. This is because you may be liable for the information that enters and resides on your network, and many of these sites may use SSL to bypass traditional security controls.

Even those sites that don't directly use SSL can be accessed in a manner that allows them to go through network gateways undetected. SSL anonymous proxies allow users to surf the Web for content that is prohibited by your acceptable use policies. SSL proxies such as Ultrasurf and Hotspot Shield (which are free to download) allow users to launch a client that establishes a secure VPN tunnel, thereby allowing users to bypass Web filters. These are similar to the tried-and-true anonymous proxies that users (and in particular students) have been using for years. But now users are browsing the Web over a secure connection where the traffic is being encrypted.

THE PROBLEM: PAST SOLUTIONS DON'T WORK

As previously mentioned, SSL traffic freely passes through network gateways and past security controls. And that's the problem. Intrusion-detection systems, intrusion-prevention systems, even traditional Web filters, do not decrypt SSL traffic.
If the traffic is not decrypted then it cannot be scanned for malware or to determine whether it complies with acceptable use policies.

You might consider adding SSL proxies and SSL-encrypted Web sites to a Web filter database. But traditional Web content filters that rely on a database alone simply don't work. They are rendered ineffective due to the sheer size of the Web. Consider the largest Web filtering database available today. The vendor boasts that it has 180 million URLs classified in its database. The last effective count at the time of this writing, undertaken by Google, puts the number of URLs on the Web as at least 1.3 trillion [5]. That Web filtering database contains less than 1% of the Web's URLs. It simply can't keep up.

Another issue for Web filter databases is the dynamic nature of Web content. You can't rely on content to remain constant from one point of access to the next.

Clearly, it's time to look for a new solution to Web content filtering; one that can not only keep up with the ever growing body of Web content, but one that can also mitigate the threats posed by encrypted traffic.

A WEB CONTENT FILTER FOR THE 21ST CENTURY

An effective Web filter doesn't depend solely on a URL database to protect users and corporate networks. Today's Web filters use advanced text analysis and classification technology to categorise content in real time before it's allowed or denied. In this manner, the Web filter doesn't have to keep up with every new URL that goes live on the Web. Some Web filters also decrypt SSL traffic so that malware and inappropriate content can be blocked before it hits the network.

As you begin evaluating Web content filters, there are several factors to consider. To begin with, look for a solution that offers a multi-tiered approach to Web filtering that includes real-time analysis and categorisation of content. This is the only way to make sure that you know what content is entering the network. At the same time, an optimised URL database of the most frequently accessed URLs can help to enhance the overall performance of the solution. An enterprise-grade anti-malware solution incorporated in the solution is also beneficial, as it will help minimise the volume of endpoint infection.

Of course, you also want to look for a Web filter that offers ease-of-management features. These include the ability to allow or deny traffic to groups of users, the ability to delegate administration to other IT personnel, a built-in Web reporting application that displays information in a clear and concise way, and the ability to access detailed logs.

This last point is especially important for forensics. Some Web filters are not accurate enough to show what users have attempted to access. Look for a Web filter that logs what content users have attempted to access, what they successfully accessed, the IP address they accessed it from and the date and time of access. All of this detail is necessary to paint an accurate picture of the user's actions.
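One way to check that a filter's logs carry the forensic detail described above, as an added example that is not part of the original white paper or of any vendor's product: the script reports attempted, allowed and denied requests per client IP, and lists allowed CONNECT tunnels with their date and time. The Squid access.log layout, the sample lines and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample in Squid's native access.log layout (an assumed format):
# time elapsed client result/status bytes method target user peer type
SAMPLE_LOG = """\
1325376000.123 85 10.0.0.21 TCP_MISS/200 5120 GET http://intranet.example/hr/form - DIRECT/192.0.2.10 text/html
1325376005.456 2 10.0.0.21 TCP_DENIED/403 1200 GET http://gambling.example/ - NONE/- text/html
1325376010.789 60211 10.0.0.34 TCP_TUNNEL/200 884211 CONNECT tunnel.example:443 - DIRECT/198.51.100.7 -
1325376020.000 3 10.0.0.34 TCP_DENIED/403 1200 CONNECT proxy.example:443 - NONE/- -
truncated line
"""


def parse_line(line):
    """Return one access.log record as a dict, or None if the line is malformed."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        when = datetime.fromtimestamp(float(fields[0]), tz=timezone.utc)
        size = int(fields[4])
    except ValueError:
        return None
    return {
        "when": when.strftime("%Y-%m-%dT%H:%M:%SZ"),  # date and time of access
        "client": fields[2],                           # IP address it came from
        "denied": fields[3].split("/")[0].endswith("DENIED"),
        "bytes": size,
        "method": fields[5],
        "target": fields[6],
    }


def audit(log_text):
    """Per client: attempted, allowed and denied requests, plus allowed CONNECT tunnels."""
    report = defaultdict(
        lambda: {"attempted": 0, "allowed": 0, "denied": 0, "opaque_tunnels": []})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # keep count so gaps in the record are visible
            continue
        entry = report[rec["client"]]
        entry["attempted"] += 1
        if rec["denied"]:
            entry["denied"] += 1
            continue
        entry["allowed"] += 1
        # Assumption: the proxy is not decrypting, so an allowed CONNECT is an
        # encrypted tunnel whose content was never scanned or categorised.
        if rec["method"] == "CONNECT":
            entry["opaque_tunnels"].append((rec["when"], rec["target"], rec["bytes"]))
    return dict(report), skipped


if __name__ == "__main__":
    per_client, skipped = audit(SAMPLE_LOG)
    for client, entry in sorted(per_client.items()):
        print(client, entry)
    print("malformed lines skipped:", skipped)
```

A log that cannot populate the denied count or the client address fails the forensic requirement above, and a long-lived tunnel with a large byte count is the traffic the filter never saw.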
CONCLUSION

The same protocol organisations and users trust to protect sensitive and confidential information has been embraced by hackers to get around traditional security controls. Allowing SSL traffic in and out of the network without inspection puts users, the network and your business at risk. And with the advent of cloud computing, Always On SSL and anonymous proxies, the amount of encrypted Web traffic grows by the day. Manual categorisation of Web pages is no longer enough to effectively manage the risks these developments pose. Instead, organisations require a solution which can provide genuine real-time categorisation of requested pages, offering IT departments the reassurance they need that their network is secure.

[1] Palo Alto Networks, Application Usage and Risk Report (8th Edition, December 2011). http://www.paloaltonetworks.com/literature/forms/aur-report.php/
[2] Online Trust Alliance, Always On SSL Threats. https://otalliance.org/resources/aossl/index.html
[3] Symantec, Web Threats 2010: The Risks Ramp Up. http://downloads.messagelabs.com/dotcom/whitepaper_web_threats_2010_emea_uk_june10.pdf
[4] America Online and Salary.com Survey. http://www.salary.com/wasted-time-at-work-still-costing-companies-billions-in-2006/
[5] http://thenextweb.com/shareables/2011/01/11/infographic-how-big-is-the-internet/

ABOUT BLOXX

Bloxx provides Web and E-mail filtering solutions to thousands of organisations around the globe. We have an in-depth understanding of the unique challenges faced by educational establishments. Bloxx uses unique patented Tru-View Technology (TVT) to analyse and accurately categorise webpages being requested in real-time. With unsurpassed flexibility in deployment, Bloxx Web filtering lets you quickly and effectively roll out 1-to-1 learning programmes and easily manage BYOD Web traffic. Available as hardware and virtual appliances, Bloxx filtering easily scales to meet your current and future requirements and our dedicated web reporting appliances ensure you can store years of traffic logs. In addition, our unique approach to licensing lets you decide the most cost-effective approach for your deployment, which means you don't end up paying for expensive licenses you don't actually need.

To find out more about Bloxx content filtering and security, email info@bloxx.com, visit www.bloxx.com, or chat to us on Twitter or LinkedIn.

t. +44 (0)1506 426 976
e. info@bloxx.com
w. www.bloxx.com

Copyright 2015 Bloxx Ltd. All rights reserved. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Bloxx. Specifications are subject to change without notice.