Security has become a major issue for everyone by now. Be it security in your own country, at home, or in daily communication via the Internet. When we feel safe, we can go about our lives without worries. When it comes to daily communication via the Internet, the word “encryption” is frequently heard. Does encryption really provide protection against curious pilferers, or does it merely give us a feeling of safety while cybercriminals use it as a hidden back door?  

Encryption explained in simple terms

The encryption of Internet connections has apparently been widely adopted for years already: according to Google, 80 percent of all websites are already protected. Many messaging services also now rely on encrypted communications. But how are data streams encrypted in the first place?
 
Explained in simple terms: the term SSL/TLS encryption is often mentioned in connection with this topic, but laypersons do not necessarily understand what it means. It refers to transport encryption. This means that the data itself is not encrypted; it is transmitted through an encrypted channel. Before any message is transferred, the two communicating parties (for example a browser and a web server, or two mail servers) agree on a set of cryptographic algorithms, the so-called cipher suite; the negotiation always selects the strongest suite that both sides support. The goal is that only these two endpoints can read the data exchanged between them. Since the secure hypertext transfer protocol (HTTPS) was introduced, it has been easy to determine whether a website offers this kind of transport encryption: if the URL starts with “https:”, the connection to the website is encrypted. Other indicators are the lock symbol and the green mark in the browser’s address bar. If, for example, a user logs on to a website as shown in the image below, the entered credentials are forwarded to the destination server via an encrypted channel, and the server then confirms the correctness of the credentials, i.e. the identity of the user.

[Image: login form of a website; source: Amazon]

SSL and TLS – which is which?

TLS is the successor to SSLv3. The slightly improved TLS 1.1 has, however, not been widely adopted. The significantly more relevant version 1.2, which Hornetsecurity has already been supporting for years, offers decisive added security value, among other things through Perfect Forward Secrecy (PFS) and the corresponding cipher suites (Elliptic Curve Diffie-Hellman and Diffie-Hellman ephemeral key exchange), given an appropriate and secure server configuration. Hornetsecurity can even restrict TLS communication to secure cipher suites and trusted certificates to raise the security level even higher.

Version 1.3 of TLS can currently be viewed as a working draft at https://tools.ietf.org/html/draft-ietf-tls-tls13-11. This version is expected to bring major changes and improvements in the cryptographic hash functions and in the handshake protocol. From a security point of view, it will be good if TLS 1.3 is adopted more quickly after its final release than TLS 1.2 was, which has been available since 2008.
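To make the cipher suite negotiation and the PFS point concrete, here is an added example (it is not code from the original article or from Hornetsecurity). It builds a minimal TLS 1.2 ClientHello, parses it back to recover the offered cipher suites and the server name (SNI), lets a server choose a suite in its own preference order, and reports whether the agreed suite provides forward secrecy. The cipher suite names and code points are the IANA-registered ones; the sample hello, the hostname and the two server preference lists are constructed for the example.

```python
import struct

# IANA-registered cipher suite code points (a small subset). TLS 1.3 suites
# (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral key exchange; in TLS 1.2
# only the ECDHE/DHE suites do, so static-RSA suites give no forward secrecy.
CIPHER_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def forward_secrecy(suite_name):
    """True if the suite's key exchange is ephemeral (Perfect Forward Secrecy)."""
    return "DHE" in suite_name or suite_name.startswith(("TLS_AES_", "TLS_CHACHA20_"))


def build_client_hello(suites, server_name):
    """Build a minimal TLS 1.2 ClientHello handshake message (constructed sample input)."""
    body = b"\x03\x03"                                   # client_version = TLS 1.2
    body += bytes(32)                                    # client random (zeros are fine for a sample)
    body += b"\x00"                                      # empty session_id
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(cs)) + cs              # cipher_suites vector
    body += b"\x01\x00"                                  # compression_methods: null only
    host = server_name.encode("ascii")
    name_list = b"\x00" + struct.pack("!H", len(host)) + host   # name_type 0 = host_name
    sni_data = struct.pack("!H", len(name_list)) + name_list
    ext = struct.pack("!HH", 0x0000, len(sni_data)) + sni_data  # extension type 0 = SNI
    body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body  # msg_type 1 = ClientHello


def parse_client_hello(msg):
    """Return (client_version, offered suite code points, SNI host or None)."""
    if not msg or msg[0] != 0x01:
        raise ValueError("not a ClientHello")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                         # skip client random
    pos += 1 + body[pos]                                 # skip session_id
    (cs_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                 # skip compression_methods
    sni = None
    if pos + 2 <= len(body):                             # extensions are optional
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2]); pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            edata = body[pos:pos + elen]; pos += elen
            if etype == 0x0000 and len(edata) >= 5 and edata[2] == 0:
                (name_len,) = struct.unpack("!H", edata[3:5])
                sni = edata[5:5 + name_len].decode("ascii")
    return version, suites, sni


def select_cipher_suite(offered, server_preference):
    """Server-preference selection: the first suite the server prefers that the client also offers."""
    offered = set(offered)
    for suite in server_preference:
        if suite in offered:
            return suite
    return None


def negotiate(client_hello, server_preference):
    """Simulate the server side of the negotiation and report what was agreed."""
    version, offered, sni = parse_client_hello(client_hello)
    chosen = select_cipher_suite(offered, server_preference)
    name = CIPHER_SUITES.get(chosen) if chosen is not None else None
    return {
        "version": VERSIONS.get(version, hex(version)),
        "sni": sni,
        "suite": name,                                   # None means: no common suite, handshake fails
        "pfs": name is not None and forward_secrecy(name),
    }


# Constructed sample: a client that still offers a static-RSA suite and RC4 next to a modern one.
SAMPLE_HELLO = build_client_hello([0xC02F, 0x009C, 0x0005], "mail.example.com")
SECURE_SERVER = [0xC030, 0xC02F, 0x009E]   # only ephemeral key exchange enabled
LEGACY_SERVER = [0x009C, 0x002F, 0xC02F]   # static RSA preferred: the negotiation loses PFS

if __name__ == "__main__":
    print(negotiate(SAMPLE_HELLO, SECURE_SERVER))
    print(negotiate(SAMPLE_HELLO, LEGACY_SERVER))
```

The two server lists illustrate the "given appropriate and secure server configuration" caveat: the same client hello ends up with an ECDHE suite and forward secrecy against the first server, but with a static-RSA suite and no forward secrecy against the second, simply because of the server's preference order.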

The back door for malware?

Data streams encrypted via TLS/SSL thus cannot be viewed by third parties, which is, after all, the point. The downside is that malicious code can be transmitted undetected, since nothing inside the encrypted channel analyzes the content for malware.

To counteract this, so-called SSL scanning can be used. Here the connection is terminated at an inspection proxy, which authenticates the target server on the user’s behalf and presents the user’s browser with a substitute server certificate generated at runtime for the requested website. This approach is technically comparable to a man-in-the-middle attack, and its drawback is the same: a third party, the proxy, can read the unencrypted content. To ensure the browser does not treat this as an attack, the root certificate that signs these runtime-generated certificates must be installed once in the browser’s trust store. In large companies this is done automatically via software distribution. SSL scanning, also called “https breaking”, may therefore create a conflict between data security and data protection; companies that intend to use it should protect themselves legally in advance.

Very often companies do not use this method of analyzing encrypted connections: on the one hand for reasons of data protection, on the other hand because the computational effort required has until now been too high and too costly. In recent years, however, the overhead (computational effort) incurred by encrypting and decrypting the data and by negotiating the TLS connection parameters has been drastically reduced by targeted hardware and software measures. Originally up to 20 percent, it is today, given appropriate configuration, in the low single-digit percent range, measured for example as additional CPU load. On the hardware side, more powerful CPUs complemented by dedicated acceleration units (e.g. for AES) are now standard for servers, enabling many decryption operations to be executed in parallel with high throughput. On the software side, widely used libraries have greatly accelerated decryption and reduced network latency, which, given appropriate server configuration, significantly reduces the overhead.

The website categorization used in the Hornetsecurity web filter is a secure alternative to SSL scanning. It deliberately refrains from breaking up the encrypted channel, since the fine-grained classification of websites helps minimize the risk using appropriate policies. All websites are classified into categories; the basis for this is the user-accessible content on the website. Assigning a website to a category gives it a sort of rating, and this rating provides information on whether or not it is a safe website. Based on this rating and the preconfigured policies, the web filter service either blocks the requested website, in which case the user receives a warning page, or delivers and displays it.

With the help of the categories and other features, company compliance policies can be implemented at the user, group or enterprise level. This allows administrators to block certain content or to allow the use of social networks only during the lunch break. Hornetsecurity also offers its customers SSL scanning as a supplement to its comprehensive web filter service; IT administrators can activate it on their own.
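The category-and-policy model described above, as an added example that is not part of the original article and not Hornetsecurity’s own implementation: a small filter that looks up the requested hostname in a category database, evaluates policy rules with user, group and enterprise scope (most specific scope first, with an optional time-of-day window for the lunch-break case), and produces either an allow decision or the text of a warning page. Because only the hostname is needed, which is visible in DNS and in the TLS server name indication, the decision is made without opening the encrypted channel. The category database, rule set, users, groups and hostnames are all constructed for the example.

```python
from datetime import datetime, time
from urllib.parse import urlsplit

# Constructed sample category database: hostname -> category. Real services
# maintain large, continuously updated databases; these entries are invented.
CATEGORIES = {
    "intranet.example.com": "business",
    "social.example": "social-networks",
    "updates.example.org": "software-updates",
    "phish.example.net": "malware-phishing",
}

# Constructed policy rules. Scope precedence: user > group > enterprise; within
# a scope the first matching rule wins. "window" limits a rule to a time of day.
RULES = [
    {"scope": "enterprise", "subject": "*", "category": "malware-phishing", "action": "block"},
    {"scope": "enterprise", "subject": "*", "category": "social-networks", "action": "block"},
    {"scope": "enterprise", "subject": "*", "category": "*", "action": "allow"},
    {"scope": "group", "subject": "marketing", "category": "social-networks",
     "action": "allow", "window": (time(12, 0), time(13, 0))},   # lunch break only
    {"scope": "user", "subject": "alice", "category": "social-networks", "action": "allow"},
]
PRECEDENCE = {"user": 0, "group": 1, "enterprise": 2}

# Constructed timestamps used by the demo below.
LUNCH = datetime(2024, 5, 6, 12, 30)
MORNING = datetime(2024, 5, 6, 9, 15)


def categorize(url):
    """Look up the host, then its parent domains, in the category database.

    Only the hostname is consulted (it is visible in DNS and in the TLS SNI
    field), so the encrypted channel itself is never opened.
    """
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def rule_applies(rule, user, groups, category, now):
    """Check subject, category and (optional) time window of one rule."""
    if rule["scope"] == "user" and rule["subject"] != user:
        return False
    if rule["scope"] == "group" and rule["subject"] not in groups:
        return False
    if rule["category"] not in ("*", category):
        return False
    window = rule.get("window")
    if window and not (window[0] <= now.time() < window[1]):
        return False
    return True


def decide(url, user, groups, now):
    """Return the filter decision for one request as a dict."""
    category = categorize(url)
    # sorted() is stable, so rules keep their listed order within each scope.
    for rule in sorted(RULES, key=lambda r: PRECEDENCE[r["scope"]]):
        if rule_applies(rule, user, groups, category, now):
            return {"category": category, "action": rule["action"], "matched": rule["scope"]}
    return {"category": category, "action": "block", "matched": "default-deny"}


def warning_page(url, decision):
    """Text of the page shown to the user instead of a blocked website."""
    return (f"Access to {urlsplit(url).hostname} was blocked by company policy "
            f"(category: {decision['category']}, rule scope: {decision['matched']}).")


if __name__ == "__main__":
    for user, groups, when in [("bob", {"marketing"}, LUNCH),
                               ("bob", {"marketing"}, MORNING),
                               ("alice", set(), MORNING)]:
        d = decide("https://www.social.example/feed", user, groups, when)
        print(user, when.time(), d["action"], d["matched"])
    phish = "https://phish.example.net/login"
    print(warning_page(phish, decide(phish, "bob", set(), MORNING)))
```

Running the block shows the three outcomes the article mentions: the marketing group member gets the social network only at lunchtime, the same request is blocked enterprise-wide in the morning, and a user-level exception overrides both.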

Conclusion

In principle, encryption is positive and recommendable. The security aspect, however, should not be neglected, as encrypted connections do not automatically guarantee protection against malware. Encryption poses a threat to companies only when this aspect is given little or no consideration. It is therefore advisable to regularly review how encrypted connections are handled and to develop a watertight security concept. While web filter categorization provides options for protecting web traffic even over encrypted connections, the “https breaking” method can also be used on request. Hornetsecurity offers both methods. Most customers make rather sparing use of SSL scanning, since the fine-grained categorization described above already provides significant added value.
