The Problem with the Padlock

The Transport Layer Security (TLS) and Secure Sockets Layer (SSL) cryptographic protocols have long been the cornerstone of Web application security, and the whole process finds its root (quite literally) in a system of signed certificates. The trouble is that this security system has turned into a vulnerability. Too often an enterprise possesses a hodgepodge of signed certificates from various Certificate Authorities (CAs) that are thrown into the directories of protected services and then forgotten until they expire. Worse yet, hackers have recently managed to create fake certificates. CAs -- once a seemingly effective answer to ensuring Web security -- are now providing an attack surface for hackers to take advantage of.

This technical guide surveys the CA landscape, opening with a field report on the latest CA security issue, the problem of fake certificates. To help explain the nature of this threat, our second chapter delves into the certificate system, current problems with it, and what enterprise IT staff can do. This guide’s closing chapter examines industry efforts to cope with the threat: TLS 1.3. Through this guide, IT professionals, and especially those concerned with network security, will learn the latest about TLS/SSL security.

Vendor: TechTarget Security
Posted: Feb 8, 2021
Published: Jul 16, 2015
Format: PDF
Type: eBook