Friday, 26 September 2014 16:42

When more security can mean less security

By Stephen Withers

Taking steps to improve your security in one area can reduce it in others.

Partly in response to the Snowden revelations, a growing number of organisations around the world are enabling 'perfect forward secrecy' (PFS), F5 Networks' worldwide security evangelist David Holmes told iTWire.

The idea is to protect against the possibility of an agency (not necessarily a government agency, though they are the ones with the budgets required) intercepting and storing HTTPS traffic in the hope that it will one day gain access to the secret key used to encrypt the data.

This could happen if the key was accidentally disclosed, or if a company with legitimate access to it got into financial difficulties and was acquired by the agency, for example.

So PFS uses a transient session key known only to the server and browser.

What organisations implementing PFS need to realise, Mr Holmes said, is that it breaks some other security and reliability practices.

Examples include transparent failover to a second data centre in the event of a disaster, or the ability to tap data flows for web analytics aimed at detecting unusual events.

"People should be aware that they have to change things," he warned.
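The effect on both the stored-traffic scenario and a passive tap that holds the server's key can be seen in a toy handshake. This is an added example, not part of the original article and not F5's code; the primes, the Diffie-Hellman group and all function names are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Toy parameters constructed for this example (not safe for real use).
P, Q = 2**89 - 1, 2**127 - 1            # Mersenne primes for the server's long-term RSA key
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))       # long-term private key that may be disclosed later
DH_P, DH_G = 2**521 - 1, 3              # Mersenne prime used as a toy DH group


def kdf(secret: int) -> bytes:
    """Derive a session key from a shared secret."""
    return hashlib.sha256(str(secret).encode()).digest()


def rsa_key_transport():
    """Non-PFS handshake: the client encrypts the premaster secret to the RSA key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = [pow(premaster, E, N)]       # everything a passive recorder or tap sees
    return wire, kdf(premaster)


def ephemeral_dh():
    """PFS handshake: throwaway DH secrets; the RSA key is only used to sign."""
    a = secrets.randbelow(DH_P - 3) + 2  # server's ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2  # browser's ephemeral secret
    ga, gb = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(hashlib.sha256(str(ga).encode()).digest(), "big") % N
    signature = pow(digest, D, N)        # authenticates ga, carries no key material
    wire = [ga, gb, signature]
    session_key = kdf(pow(gb, a, DH_P))
    del a, b                             # ephemeral secrets are discarded after use
    return wire, session_key


def keys_derivable_later(wire, disclosed_d):
    """Session keys obtainable from a stored capture plus the disclosed RSA key."""
    candidates = set()
    for value in wire:
        candidates.add(kdf(value))                           # value used as-is
        candidates.add(kdf(pow(value % N, disclosed_d, N)))  # value RSA-decrypted
    return candidates


def recoverable(handshake) -> bool:
    """True if the session key falls out of the capture once the RSA key is known."""
    wire, session_key = handshake()
    return session_key in keys_derivable_later(wire, D)
```

`recoverable(rsa_key_transport)` is true and `recoverable(ephemeral_dh)` is false, which is also why an analytics tap that relies on a copy of the server key stops working once PFS is enabled.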

The adoption of PFS is good for F5, Mr Holmes said, as its equipment is widely used to handle SSL encryption and decryption as used in HTTPS, rather than leaving the job to servers.

This approach provides for much simpler key management, and also allows traffic inspection.

Such inspection does mean "you're fooling the user" into thinking that HTTPS provides a secure link from the browser right to the server, but it does address a bigger problem: malware getting into systems via HTTPS traffic.

Facebook - not the company itself, but rather the content it delivers - is one of several known sources of malware that can enter an organisation via HTTPS, he said, so there is a need to decrypt and scan such traffic.

Balancing privacy and security can be difficult, but F5's products do allow sophisticated policies. For example, inbound traffic from Facebook can be decrypted and scanned to check for malware, Google search traffic can be decrypted and only examined to see that SafeSearch is on (to avoid NSFW content), while traffic associated with banks and financial institutions is left completely untouched.

So whether an organisation wants to decrypt everything or just to peek into certain pieces of traffic, F5 can help, he said: "that's why we've been so busy."

Stephen Withers

Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.
