Myths and misconceptions about SSL

SSL is a well-known protocol for data encryption when browsing the internet. The abbreviation SSL stands for Secure Sockets Layer. SSL is a secure layer between a server and an internet browser. However, this protection can create a misplaced sense of security.

Nowadays we actually use the modern version, TLS (Transport Layer Security). SSL certificates use the HTTPS protocol of the browser to establish a secure connection. The website visitor is assured that the server found is authenticated and that data exchanged with the website is encrypted.

Now that SSL (or actually TLS) has become the standard protocol, cyber criminals increasingly use encryption to conceal their attacks. They can do this because SSL certificates, which were difficult to obtain in the past, are now widely available and are sometimes even free of charge.

The dangers of SSL certificates

The browser shows the presence of an SSL certificate with an HTTPS domain name (instead of just HTTP) and a green lock in the browser address bar. However, the HTTPS protocol gives an unjustified sense of security. When the small green lock is shown in the address bar, many people believe that the website they are visiting is completely secure. This is partly because tips for safe internet use often tell users to look for the green lock. However, that green lock does not guarantee that the website is safe. It only shows that the transmission mechanism of the website is secure, which means that the ‘tunnel’ that transfers the data between you and the website is encrypted.

SSL ensures that all data transferred is private and encrypted. However, endpoint security software generally does not decrypt SSL traffic. The security software only checks whether there is an encrypted ‘tunnel’, so any malware distributed via an HTTPS connection will go unnoticed. This is a major threat to users who assume that websites with a green lock are completely secure. The HTTPS protocol does not protect against downloading infected content or opening a malicious link via a secure connection.

Protect your organisation and employees

As an organisation, it is not enough to simply rely on SSL (TLS) certificates to keep your business IT environment free from cyber threats. When protecting your organisation, it is crucial that you start with protecting the privacy and security of employees on the web. They are, after all, always the largest resource of an organisation. Protecting your employees starts with mapping the dangers that users are exposed to online. The only way to do that is by decrypting SSL traffic.

Decrypting web traffic is not part of the functionality of most standard endpoint security software, so this must be resolved in a different way. Often dedicated hardware is used that decrypts the SSL traffic and then re-encrypts the data. Decrypting SSL traffic is a very intensive job, which makes it wise to make the transition to the cloud. The cloud is very scalable, which, in view of the ever-growing number of threats, might well be vital in keeping your organisation safe.

Tech-Wales security services

At Tech-Wales we are dedicated to keeping your organisation safe. We can provide endpoint security to prevent cyber attacks and malicious downloads. Cyber security is a vital part of keeping your organisation, data and valuable documents safe from hackers. We also provide excellent cloud computing services to make your business IT structure more flexible. Contact us today to start working in a safe IT environment.