When Implementing a New Security Device on the Network - Decrypting OpenSSL to Overcome HeartBleed
In the wake of the Heartbleed vulnerability, many websites and web applications that use SSL encryption came under attack, and many did not know what to do.
SSL encryption, especially services using OpenSSL, was brought into the spotlight more than ever this year. As we all know, the Heartbleed vulnerability (CVE-2014-0160) gave cyberattackers a new weapon in their arsenal of tricks, allowing them to siphon off data from clients and servers around the world – including those within an enterprise itself.
At Makerere, many of our sites run OpenSSL as well; it happened here too, and quite a number were unaware.
Hackers use SSL protocols in Webmail applications to hide attacks from network security measures. Then, once the attacker has established an initial foothold on the network, they will deploy malware and move through the “squishy center” of an organization towards valuable intellectual property. Once they have identified it, they will then use SSL encryption to hide the movement of stolen data off the network. In light of this situation, selective SSL decryption should be a requirement for your enterprise security architecture going forward.
So while SSL decryption is necessary for maintaining network security, security and network admins will have to establish strict rules about how they handle decrypted data.
Here are a few questions to ask when implementing a new security device on a network, whichever unit it is in.
- Are my employees using applications encrypted with SSL that could be used to deliver threats?
- Can the device natively decrypt SSL traffic, especially in light of the growing number of threats coming into organizations via common Webmail applications?
- Can you apply selective SSL decryption for only the traffic you want to examine?
- Can I decrypt SSL without compromising the security or privacy of traffic?
With enterprises and consumers (users) becoming increasingly aware of online security, it follows that more and more applications will start using SSL and potentially be vulnerable to Heartbleed. A well-prepared enterprise security strategy will take this likelihood into account and implement SSL decryption.