July 21, 2014

Recently, the Heartbleed vulnerability has received considerable press due to the widespread use of SSL to secure virtually everything on the Web, including ecommerce, social media, business applications and online banking. Many businesses and networking vendors went into damage control mode. The following paragraphs explain how to avoid exposure to Heartbleed and discuss best practices for implementing SSL in a manner that mitigates as-yet-unknown OpenSSL vulnerabilities.
In assessing SSL vulnerabilities, it is important to examine both SSL used for securing live Web traffic and SSL used for securely managing servers, load balancers, application delivery controllers (ADCs) and other networking elements.
SSL for live Web traffic commonly occurs on servers, load balancers and ADCs. Of these three, servers are the most vulnerable and deliver the worst performance when tasked with SSL encryption. Not only do servers use OpenSSL, they often use multiple versions of OpenSSL and, as a result, create environments that are difficult to remediate in the event of new vulnerabilities. In addition, servers rely on general-purpose hardware to perform compute-intensive application networking tasks such as SSL, making them unsuitable for enterprise or service provider-class workloads.
Using load balancers to offload SSL from servers does improve application performance; however, the approach does little to address vulnerabilities. This is because, like servers, common load balancers use Op
