PRO+ Premium Content/Information Security

Thank you for joining!

Access your Pro+ Content below.

September 2017, Vol. 19, No. 7

HTTPS interception gets a bad rap; now what?

This article is part of the Information Security issue of September 2017, Vol. 19, No. 7

In March, the United States Computer Emergency Readiness Team issued an Alert (TA-17-075A) notifying security managers that "HTTPS Interception Weakens TLS Security." Secure internet communications that adhere to privacy and data protection standards may mean that enterprises continue to have a blind spot when it comes to encrypted traffic. To detect malicious software or illegal user activities, network security gateways with HTTPS inspection have provided companies with a way to monitor inbound and outbound internet traffic that Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption protects. But interception of TLS connections by firewalls, antivirus products and other security tools can introduce vulnerabilities that companies generally remain unaware of, according to researchers. "To put it bluntly, this is not good," said Johna Till Johnson, CEO and founder of Nemertes Research, in an April 2017 blog that looked at the issue. "There's really no point in deploying security products and protocols if you ...

Access this PRO+ Content for Free!

You forgot to provide an Email Address.
This email address doesn’t appear to be valid.
This email address is already registered. Please login above.
Please provide a Corporate Email Address.
You forgot to provide your first name.
You forgot to provide your last name.
You forgot to provide a job title.
You forgot to provide a company name.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Features in this issue

HTTPS interception gets a bad rap; now what?
by Kathleen Richards
Should products intercept Transport Layer Security connections to gain visibility into network traffic? A new study by researchers and U.S.-CERT warn against it.
Why WannaCry and other computer worms may inherit the earth
by Adam Rice
A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission.

Columns in this issue

A damaging spring of internet worms and poor performance
by Kathleen Richards
Security is a hot topic for media outlets that report on stock markets as companies founder on corporate earnings. The financial fallout of global malware is a call to action.
From security product marketing to CEO: Jennifer Steffens
by Marcus J. Ranum
The CEO of a global pen tester used to work for the New York Yankees. Find out how Jennifer Steffens went from sports marketing to head of a security service provider.

View Information Security Archives

Access your Pro+ Content below.

HTTPS interception gets a bad rap; now what?

Features in this issue

HTTPS interception gets a bad rap; now what?

Why WannaCry and other computer worms may inherit the earth

Columns in this issue

A damaging spring of internet worms and poor performance

From security product marketing to CEO: Jennifer Steffens