CacheGuard Appliance
Network Security and Optimization
Network Security and Optimization
SSL is vulnerable to man in the middle attack. This means that an attacker can transparently relay the traffic between you and HTTPS servers without you being aware of it. Actually your security depends on the integrity of your browser and more particularly on the integrity of its CA (Certificate Authorities) database. If a malicious guy having an access to your device installs its own CA on your browser, all those security precautions become useless! Someone might say that nobody is allowed to have an access to my PC except me! OK, let's just suppose that you are right because we don't want to expose here all the existing hacking methods to gain access to your PC. At this point you tell yourself, well my privacy is respected in some way. But, don't be so sure again because things are worse!
Have you ever heard about transparent proxies? Or even worse SSL mediator transparent proxies? An SSL mediator transparent proxy is capable to transparently intercept HTTPS traffic, decrypt its content, re-encrypt it with a dynamically generated SSL certificate signed with a private CA certificate an finally forward the traffic to a user. If that private CA certificate is installed on your browser you will continue to see the green lock icon giving you the impression of being secure. Now imagine that your ISP transparently intercepts your HTTPS traffic and for one reason or another a public CA is obliged to cooperate with that ISP to sign dynamically generated certificate (by disclosing its private key used to sign certificates). This way, there is no need to gain access to your PC to be able to install a CA root certificate. You continue to see the the green lock icon but all your encrypted traffic have been already disclosed by your ISP. Well, do you still think that HTTPS is secure?
Here you can see an SSL mediation demonstration: https://www.youtube.com/watch?v=2sFDB0ePtog
Honestly, the exposed situation is an extreme case and it wouldn't happen to you in normal circumstances. Now, let me know to expose all benefit of the SSL mediation. To begin with, a large majority of editors that provide SSL mediation facilities, call it SSL inspection because simply it sells more. Actually by intercepting SSL encrypted traffic you are capable to inspect its content and block all dangerous contents such as worms and viruses. Without the SSL mediation, an antivirus installed at the gateway can't detect a virus signature because it's in an encrypted format. The darknet (the dark side of the Internet) is full of malicious contents that can severely harm your activities. Without the SSL mediation you are unable to detect them before they can enter into your networks and that's why an SSL mediator gateway can help.
An additional benefit of the SSL mediation is the possibility to cache the HTTPS content. If you are located in a zone where you need to save your precious bandwidth, the caching of bandwidth consuming traffic in an encrypted format (HTTPS) is full of meaning. YouTube, FaceBook, Amazon, Google all use HTTPS.
To conclude, my opinion is that HTTPS is necessary, an SSL inspection/mediation facility that you manage yourself is better. But for your applications that require a very high level of security just don't use SSL and prefer end to end security facilities such as PGP. increasing the security of our IT infrastructures.