The omnipresent SSL (Secure Socket Layer) which is supposed to offer a secure channel to transmit sensitive data across the Internet, may actually be opening up a gaping hole in your network security. This was the surprising bit of information was . . .
The omnipresent SSL (Secure Socket Layer) which is supposed to offer a secure channel to transmit sensitive data across the Internet, may actually be opening up a gaping hole in your network security. This was the surprising bit of information was delivered to the attending bankers on the second day of bank.net event here in Mumbai by Udi Segall, Marketing Product Manager Radwell.

According to Segall, SSL does two things - one it authenticates the identity of the server, and optionally the client as well. And second, it creates a secure tunnel between the client and the server. The problem here is that once a secure link is created, it is assumed that the client connecting to the server is genuine (because he has been able to successfully login). Since the SSL traffic is encrypted, it cannot be analyzed by IDS and IPS (Intrusion Detection Systems and Intrusion Prevention System) system.

The link for this article located at CXO Today is no longer available.