SSL – the good, the bad and the visible

The explosive growth in the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) encryption, or HTTPS traffic, has been both a bane and a boon to internet usage.

Secure communications on the internet for web browsing, e-mail, instant messaging, e-commerce, online banking and other data transfers that businesses conduct daily would not have been possible without the SSL security protocol and its successor TLS.

SSL secures the transmission of sensitive data such as credit card numbers, social security numbers and login credentials by encrypting the link between a server and a client. Running on top of the TCP/IP connection protocol, SSL underpins application protocols such as FTPS and HTTPS.

The good

SSL technology has paved the way for organizations – especially in highly regulated industries such as government, financial and healthcare – to adopt BYOD and mobile technologies securely, keep rapidly growing mobile workforces productive with secure remote access, and ensure compliance with industry and government regulations.

Dell Security’s SonicWALL Secure Mobile Access (SMA) platform, for example, combines SSL virtual private network (VPN) and proxy techniques with emerging HTML5 and per-app VPN technology so that IT administrators can quickly provision granular policy-based access control and extend role-based privileges to mobile and remote users.

The bad

But while SSL technology helps to protect data sent between web servers and client browsers, it also lets skilled attackers encrypt command-and-control communications and hide malware inside SSL-encrypted traffic, where conventional inspection cannot see it.

The 2016 Dell Security Annual Threat Report shows a 50% surge in encrypted traffic with HTTPS connections (SSL/TLS) in 2015, making up an average of 64.6% of web connections and outpacing the growth of HTTP throughout most of the year. In North Korea, HTTPS made up 81.6% of web connections in 2015 but only 34.4% and 8.63%, respectively, in South Korea and China.

The bad news is that many organizations must now assess whether their legacy network security solutions can inspect SSL/TLS-encrypted traffic without slowing down the network. Even next-generation firewalls (NGFWs) have often suffered a performance penalty as high as 81% when establishing a secure connection and decrypting and re-encrypting HTTPS traffic for a secured data exchange.

The visible

The goal for organizations, then, is to harness the security benefits of SSL/TLS encryption without giving attackers a way to evade intrusion prevention and anti-malware systems, and without slowing down the network. Dell has responded to this challenge with network security solutions that provide efficient deep packet inspection (DPI) of encrypted SSL traffic, regardless of the port being used or the file size, as well as improved troubleshooting, better scalability and better certificate support.

Dell Security’s SonicOS 6.2.5 firmware, which drives the Dell SonicWALL SuperMassive, NSA and TZ Series firewalls as well as Dell switches and wireless access points, checks these boxes. It delivers real-time SSL decryption and inspection; improves troubleshooting for encrypted connection failures; and increases connection counts on encrypted HTTPS sessions with support for TLS 1.2 and SHA256 cryptographic hash functions.

Such capabilities have won Dell Security the US Department of Defense Unified Capabilities Approved Products List certification for its SonicWALL NGFWs.

After installing two Dell SonicWALL NSA 3600 firewalls in a high-availability pair and SonicWALL TZ300 firewalls for remote office connectivity, Mark Burke, CIO at Accelerated Technology Laboratories, finds that the SonicWALL NSA 3600 is more sophisticated and offers more powerful security than its predecessor, while increasing throughput for its employees.

“It gives us a well-rounded network security solution,” he says. “We use VPN, SSL VPN and other remote access technologies to create secure connections for our off-site staff and customer-facing demo environments.”

Power to deliver

The processing power of multi-core security processors and Dell’s patented Reassembly-Free DPI (RFDPI) engine allow Dell SonicWALL NGFWs to scan every byte of every packet on all ports and protocols with almost zero latency. The RFDPI helps to decrypt, inspect and analyze encrypted SSL traffic to detect and prevent advanced evasion techniques at all layers of the network stack.

Meanwhile, the Dell SonicWALL SuperMassive E10000 Series firewalls, which recently earned the coveted Recommended rating in the NSS Labs Next-Generation Firewall Security Value Map for the fourth consecutive year, use the RFDPI engine to fully inspect both plain-text and SSL-encrypted traffic, even in multi-gigabit networks.

“Dell Security has regularly submitted the Dell SonicWALL SuperMassive E10800 for testing, and this NGFW has received the NSS Labs Recommended rating four years running, proving effective against all evasion techniques tested,” says Mike Spanbauer, vice president security of Test & Advisory at NSS Labs.

This is a QuestexAsia feature commissioned by Dell Security.