The hidden risk of HTTPS

Editorial Type: Feature     Date: 03-2015







HTTPS network traffic is increasing, and if you’re not prepared then your network is at risk. Corey Nachreiner, Director of Security Strategy at WatchGuard, explains.

It may seem paradoxical to suggest that HTTPS could put your entire network at risk because it is, after all, a good thing. We mostly know that if you want to do anything privately and securely online then HTTPS is the answer, because it is the secure version of the Hypertext Transfer Protocol (HTTP). It becomes secure through the use of the SSL/TLS protocol and encrypts web traffic, which in turn shields communications from snooping eyes.

Security professionals have always wanted more web applications to use HTTPS. Well, according to a recent paper, 'The Cost of "S" in HTTPS', 50 per cent of web traffic flows are secure and many of the biggest web sites have adopted HTTPS as their default, including Google, Facebook and YouTube. Furthermore, browser vendors like Google have started to consider marking all non-HTTPS pages as non-secure.

There are many factors driving this surge in HTTPS, but I suspect the 'Snowden effect' is the main one. The classified documents leaked by Snowden highlighted the man-in-the-middle (MITM) risk and seemed to prove that governments have been actively participating for years. Perhaps now that we know someone is watching we're at last taking privacy a lot more seriously.

In this context the increase in HTTPS traffic is a good thing. However, it conceals two hurdles that could significantly affect security. Firstly, bad guys can and do use HTTPS and secondly, it can introduce new performance bottlenecks.

The same HTTPS features that benefit you can also benefit hackers. Attackers want to hide their communications, whether it's malware downloads or the command and control (C&C) channels used to call home, and HTTPS provides a very effective mechanism for doing that. This is because HTTPS is essentially a black hole in your network security, invisible to visibility tools.

This is why it's more important than ever to take steps to secure HTTPS. You need security controls that can see inside HTTPS communications and run security scans including IPS, antivirus and others.

There is a solution. Many modern network security controls like UTMs, Next Generation Firewalls (NGFW) and other security proxies have HTTPS application layer gateways or deep packet inspection capabilities. Essentially, they perform a friendly MITM attack on HTTPS, temporarily decrypt it, and run security scans. The appliance then re-encrypts the traffic and passes it on. These devices require acceptance of a digital certificate to retain the HTTPS connection. In short, they will find maliciousness in otherwise undecipherable traffic without invading privacy. However, securing HTTPS comes with a cost. Using encryption consumes computing resources and increases traffic.

Some security controls can decrypt HTTPS traffic but this might double the HTTPS overhead. Inline security devices have to decrypt and re-encrypt before passing traffic on. Furthermore, if you have separate controls for each layer of security - such as IPS, AV and C&C detection - each of them takes the HTTPS DPI performance hit every time, significantly slowing traffic. If 50 per cent of Internet traffic is HTTPS, that's quite a bottleneck.

One of the benefits of UTM and NGFW appliances designed to handle the HTTPS load is that their security layers are applied in one place, so they only need to decrypt HTTPS traffic once. To make sure your appliance can handle the load, you need to pay attention to its performance with all the security services turned on, including HTTPS DPI. Only then will you find out whether it can handle and secure the explosive surge in HTTPS.
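One way to confirm that HTTPS inspection is really being applied is to check, from a client, which certificate issuer each site presents: a session decrypted by the appliance carries a certificate issued by the appliance's own CA, while a bypassed session still shows the site's public CA. The following is an added example, not code from the article or from any vendor; the CA name, hostnames and sample certificates are constructed assumptions.

```python
import socket
import ssl

# Assumption: common name of the CA your inspection appliance re-signs with.
INSPECTION_CA_CN = "Example Corp HTTPS Inspection CA"

def fetch_peercert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate; the client must already trust the
    appliance CA, otherwise the handshake fails on inspected connections."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def issuer_cn(peercert):
    """Pull commonName out of the nested-tuple issuer that getpeercert() returns."""
    for rdn in peercert.get("issuer", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None

def audit(observations, inspection_cn=INSPECTION_CA_CN):
    """Return ({host: status}, sorted hosts that bypassed decryption)."""
    status = {
        host: "inspected" if issuer_cn(cert) == inspection_cn else "bypassed"
        for host, cert in observations.items()
    }
    return status, sorted(h for h, s in status.items() if s == "bypassed")

def _cert(subject, issuer_org, issuer_name):
    """Build a dict shaped like ssl.getpeercert() output (constructed data)."""
    return {
        "subject": ((("commonName", subject),),),
        "issuer": ((("organizationName", issuer_org),), (("commonName", issuer_name),)),
    }

# Constructed observations: two sites re-signed by the appliance, one passed through.
SAMPLE = {
    "intranet.example.test": _cert("intranet.example.test", "Example Corp", INSPECTION_CA_CN),
    "files.example.test": _cert("files.example.test", "Example Corp", INSPECTION_CA_CN),
    "bank.example.test": _cert("bank.example.test", "Public CA (constructed)", "Public CA R1"),
}

if __name__ == "__main__":
    statuses, blind_spots = audit(SAMPLE)
    print(statuses, "uninspected:", blind_spots)
```

On a live network, build the observations with `fetch_peercert()` from a managed client and compare the hosts reported as bypassed against the exceptions you intended to configure.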

While our increased use of HTTPS is fantastic for improving web security, you need to be sure your security controls can actually find threats inside HTTPS and keep up with the increased HTTPS load that the Snowden effect has unleashed.
