The rising use of SSL raises new risks

As more applications employ Secure Sockets Layer encryption, a certain amount of traffic visibility is lost, making it more challenging to vet those bits for viruses, worms, and other malicious payloads.

As more applications turn to SSL to help keep users secure, they may also be inadvertently hampering the ability of enterprises to ensure malicious code and exploits are not slithering through network traffic from the endpoint.

According to The Application Usage and Risk Report conducted by Palo Alto Networks, applications using SSL represent 25 percent of the applications examined and 23 percent of the overall bandwidth used by applications in its study. To compile the report, the security vendor analyzed the traffic of 1,253 organizations and viewed more than 28 exabytes of data between October 2010 and April 2011.

The report predicts that applications that use SSL will continue to grow in size, as more applications follow the relatively recent lead of Twitter, Facebook and Gmail, which have all recently set SSL either as a standard setting or as a user-selectable option.

However, with the additional security come potential tradeoffs.

"Lack of visibility into encrypted traffic has long been a concern to security professionals, particularly those who focus on analysis of network content for potential threat activity," says Scott Crawford, managing research director at Enterprise Management Associates. "Some have even voiced concerns that technologies that automate the application of security, such as content security that enforces an SSL/TLS connection for outbound content to protect sensitive information, can actually have the effect of hiding a threat should attackers be able to manipulate the systems to conceal malicious activity."

The report also found that, along with the growth of social networking, Webmail and Instant Messaging are still growing strong. Compared to a year ago, Instant Messaging traffic has doubled, while Webmail and social networking have grown about fivefold.

Users are also using a mix of ways to share files, Palo Alto's numbers show. File Transfer Protocol, Peer-to-Peer networking, and browser-based file sharing are used with 92 percent, 82 percent, and 91 percent frequency, respectively.

With the rise of applications using encryption, what steps can enterprises take to protect their infrastructure? "Technologies that detect botnet activity can correlate attempts to connect with network nodes identified as compromised, malicious, or recognized points of command-and-control, regardless whether the attempt seeks to encrypt traffic," says Crawford.

Another method is to turn to proxies as a type of traffic cop to inspect traffic to some degree. "These can be complemented with policies that restrict or block encrypted traffic that doesn't pass through 'official' channels. However, some of these strategies may be limited in their usefulness if legitimate traffic cannot be directed through these accepted channels or unauthorized traffic cannot be sufficiently restrained," he says.

And even if those policies appear overly draconian, users still have other ways to transfer files, such as using cellular networks, Crawford explains.
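The two controls Crawford describes above, correlating connection attempts against known-bad nodes and restricting encrypted traffic that skips the official proxy, can both be applied to flow metadata without decrypting anything. The sketch below is an added example, not taken from the report or the article; the flow-record fields, the proxy address, the indicator list and the sample records are all constructed, using documentation address ranges.

```python
"""Flag flows from connection metadata only; no payload decryption is needed."""
import csv
import io
import ipaddress

# Constructed values for illustration (assumptions, not from the article).
KNOWN_BAD = {"203.0.113.66", "198.51.100.23"}   # stand-in for a threat-intel feed
OFFICIAL_PROXIES = {"10.0.0.10"}                # the sanctioned egress proxy
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
TLS_PORTS = {443, 465, 993, 995, 8443}          # port used as a heuristic for TLS

# Constructed flow records: source, destination, destination port, bytes sent.
SAMPLE_FLOWS = """src,dst,dport,bytes_out
10.1.4.21,10.0.0.10,3128,48211
10.1.4.22,203.0.113.66,443,1290
10.1.4.23,192.0.2.80,443,900133
10.1.4.24,198.51.100.23,6667,412
10.1.4.25,10.2.0.5,443,7000
"""

def classify(flow):
    """Return the list of findings for one flow record (dict of strings)."""
    findings = []
    dst = flow["dst"]
    dport = int(flow["dport"])
    # Destination reputation applies whether or not the session is encrypted.
    if dst in KNOWN_BAD:
        findings.append("known-bad-destination")
    # Encrypted egress that skips the proxy is traffic nobody can inspect.
    external = ipaddress.ip_address(dst) not in INTERNAL_NET
    if external and dport in TLS_PORTS and flow["src"] not in OFFICIAL_PROXIES:
        findings.append("tls-bypasses-proxy")
    return findings

def analyze(text):
    """Map each flagged source host to its sorted, de-duplicated findings."""
    report = {}
    for flow in csv.DictReader(io.StringIO(text)):
        hits = classify(flow)
        if hits:
            report.setdefault(flow["src"], set()).update(hits)
    return {src: sorted(tags) for src, tags in report.items()}

if __name__ == "__main__":
    for src, tags in analyze(SAMPLE_FLOWS).items():
        print(src, ", ".join(tags))
```

The proxy-bypass rule only has teeth where the firewall also blocks direct outbound TLS; as the article notes, it does nothing about traffic that leaves over a cellular network.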

George V. Hulme writes about security and technology from his home in Minneapolis. He's been known to send some fairly cryptic Tweets from his account @georgevhulme.
