Discover Network Security News
SSL: Not So Secure For Network Security
According to Segall, SSL does two things - one it authenticates the identity of the server, and optionally the client as well. And second, it creates a secure tunnel between the client and the server. The problem here is that once a secure link is created, it is assumed that the client connecting to the server is genuine (because he has been able to successfully login). Since the SSL traffic is encrypted, it cannot be analyzed by IDS and IPS (Intrusion Detection Systems and Intrusion Prevention System) system.
The link for this article located at CXO Today is no longer available.