Making SSL More Secure

Radware is introducing a new version of its DefensePro switch that's designed to inspect, analyze, and clean up encrypted SSL traffic before it enters a company's network.
Secure Sockets Layer, one of the leading security protocols on the Internet, is used by many Web sites and other businesses to validate the identity of a Web site and set up an encrypted communications connection. But SSL itself may post a security threat in some cases, according to networking and security vendor Radware Ltd.

Radware next week will introduce an enhanced version of its DefensePro switch that's designed to inspect, analyze, and--when necessary--clean up encrypted communication before it enters a company's network. For Radware's approach to work, however, a customer has to name the DefensePro switch as a proxy and give it permission to intercept the communications traffic.

DefensePro 2.4 is designed to stop hackers from using an SSL-encrypted communications "tunnel" to gain access to a network and infect it with malicious software. It aims to solve a weakness in SSL, which lacks a controller and doesn't provide the ability to know the content of the encrypted information coming into a network. That's important because many E-mail systems, VPNs, and Web sites use SSL. Since SSL doesn't authenticate the sender, companies don't know who's trying to gain access to their networks.

DefensePro provides the ability to inspect SSL-encrypted sessions, a wizard for quick and simple installation, and statistics reporting. Security administrators can see the country of origin for traffic, drill down for more details, and produce user-defined reports. DefensePro 2.4 will be available June 6 for $25,000.

For DefensePro to work, customers have to name Radware as their proxy, giving the vendor the necessary digital certificate for receiving the encrypted data, reading it, and cleaning it, says Charles Kology, an analyst at IDC. "Companies need to make sure the SSL link isn't going to infect the network," he says. "Too many hackers are creating secure tunnels as attack vectors."

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing