Securing today's Internet, e-mail transmissions

Originally developed to protect data traffic between Web browsers and servers, SSL is now used to encrypt most data streams.
By Mike Hamilton
Johannesburg, 11 Aug 2008

Any data that travels across the Internet in unencrypted form can be intercepted and read by anyone with access to one of the networks that it passes through. This applies to activities such as Web browsing, e-mail, Internet faxing, instant messaging and other data transfers.

The data might pass through hundreds of networks, giving would-be attackers - including hackers and malware generators - ample opportunity to illegally acquire passwords and other intellectual property belonging to an organisation.

Even data travelling between a client and server system on a local area network can easily be intercepted. In fact, any link via a telecommunication network, FTP or POP3 server is risky unless adequate security precautions are taken.

This is where the role of the Secure Sockets Layer (SSL) protocol becomes important. SSL allows clients (user workstations) and servers to authenticate themselves to each other, so that a client can be sure it is actually connecting to the host it intends to reach.

This is achieved using 'certificates' which are issued by an authority recognised by the client (thus enabling verification) and associated with a particular host name.

Without certificates, an attacker could redirect an SSL connection to his or her own server and capture sensitive information from a client that erroneously believes it is linked to the appropriate server.
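The two checks described above (a certificate issued by a recognised authority, and one tied to the requested host name) can be audited on a client configuration. This is an added example, not part of the original article; it assumes a client built on Python's standard `ssl` module, and the function names are hypothetical.

```python
import socket
import ssl

CHAIN_FINDING = "certificate chain is not verified against a trusted authority"
HOSTNAME_FINDING = "certificate is not matched against the requested host name"

def audit_client_context(ctx):
    """Return the settings that would let a redirected connection go unnoticed."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(CHAIN_FINDING)
    if not ctx.check_hostname:
        findings.append(HOSTNAME_FINDING)
    return findings

def strict_context():
    # Library defaults: system trust store, chain verification, host name check.
    return ssl.create_default_context()

def weak_context():
    # Accepts any certificate from any server.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context():
    # Verifies the issuer but accepts a valid certificate issued for another host.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def open_verified(host, port=443):
    """Connect and return the peer certificate; raises ssl.SSLError on any mismatch."""
    ctx = strict_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        # server_hostname is the name the certificate must be associated with.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for name, make in [("strict", strict_context), ("weak", weak_context),
                       ("chain only", chain_only_context)]:
        print(name, audit_client_context(make()) or "ok")
```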

Interestingly, the SSL protocol was originally developed by Netscape Communications, well known for its (now defunct) Netscape browser. The company's major goal was to provide privacy and reliability between two communicating applications and prevent eavesdropping, tampering or message forgery.

Another goal was to make SSL extensible. In other words, to provide a framework that allows new public-key and bulk encryption methods to be incorporated as necessary.

Two layers

SSL is a layered protocol. It has two major layers: The SSL Handshake Protocol and the SSL Record Protocol. The latter is responsible for encapsulating information of higher-level protocols.

The Handshake Protocol, which also makes use of the Record Protocol, is responsible for server and client authentication, as well as the negotiation of an encryption algorithm and cryptographic keys.
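The layering can be seen by parsing a handshake message out of the record that carries it. This is an added example, not part of the original article; the sample bytes are constructed for illustration, the lookup tables are a small subset, and the function names are hypothetical.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
# Small subset of cipher suite ids; 0x0003 is a 40-bit export suite.
SUITES = {0x0003: "RSA_EXPORT_WITH_RC4_40_MD5",
          0x0005: "RSA_WITH_RC4_128_SHA",
          0x000A: "RSA_WITH_3DES_EDE_CBC_SHA"}

def parse_record(data):
    """Record layer: 1-byte content type, 2-byte version, 2-byte length, fragment."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise ValueError("record shorter than its declared length")
    return CONTENT_TYPES.get(ctype, "unknown"), (major, minor), fragment

def parse_client_hello(fragment):
    """Handshake layer inside the record: 1-byte type, 3-byte length, body."""
    if len(fragment) < 4 or fragment[0] != 1:       # 1 = client_hello
        raise ValueError("not a client_hello")
    length = int.from_bytes(fragment[1:4], "big")
    body = fragment[4:4 + length]
    if len(body) != length or length < 37:
        raise ValueError("incomplete client_hello")
    pos = 2 + 32                                    # skip client_version and random
    pos += 1 + body[pos]                            # skip session_id
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("malformed cipher suite list")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]
    return [SUITES.get(i, hex(i)) for i in ids]

def build_sample():
    """Constructed SSL 3.0 ClientHello offering three suites (all-zero random)."""
    body = (b"\x03\x00" + bytes(32) + b"\x00"
            + b"\x00\x06\x00\x03\x00\x05\x00\x0a" + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    ctype, version, fragment = parse_record(build_sample())
    print(ctype, version, parse_client_hello(fragment))
```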

A cryptographic key is a set of instructions that governs an encryption or decryption algorithm. Usually, the encryption and decryption algorithms are publicly known and the key - a string - is kept secret, thus making the communication secure.

Some early implementations of SSL used 40-bit symmetric keys because the US government placed restrictions on the export of cryptographic technology.

Symmetric cryptography refers to encryption algorithms that have an inverse decryption algorithm which uses the same cryptographic key. This means that with symmetric cryptography, one needs only a single key for both encryption and decryption.

Readers with long memories will remember a similar limitation being applied to Lotus Notes in export versions. After several years of public controversy, a series of lawsuits, and eventual US government recognition of cryptographic products with longer key sizes produced outside the US, the authorities relaxed some aspects of the export restrictions.

Applications

One common use of SSL today is to secure Web HTTP communication between a browser client and a Web server, which is called HTTPS.

Another usage of SSL is within e-mail applications that use IMAP - Internet Message Access Protocol.

Significantly, most current Web browsers and mail clients can make SSL-encrypted HTTP, POP3 and IMAP connections, but not all Web and POP3 servers can accept them.

POP3, in particular, is hard to protect, because the standard server that comes with most Unix systems does not support SSL at all. Fortunately though, there is a solution - the Secure Socket Tunnelling Protocol (SSTP).

SSTP creates a virtual private network (VPN) tunnel that travels over Secure-HTTP, eliminating issues associated with VPN connections that can be blocked by some Web proxies, firewalls and network address translation routers that sit between clients and servers.

Cloaking mechanism

Unfortunately, with SSL communications now representing a significant and growing percentage of corporate Internet traffic, hackers - notably phishers - are increasingly deploying sophisticated attacks that employ SSL explicitly as a cloaking mechanism.

Industry watchers have noted that employee use of rogue applications or anonymous Web surfing encrypted in an SSL session is a growing problem, together with encrypted malware, including viruses and spyware, which can infiltrate corporate networks via SSL tunnels.

The bottom line is that companies should use proxy appliances which can terminate application protocols and, in so doing, provide a comprehensive understanding of the user-to-application interaction.

Such proxies must provide IT managers with the power to define, enforce and audit intelligent policy controls over user/application interactions.

* Mike Hamilton is MD of Channel Data.
