Why You Should Check Your SSL Blind Spots Regularly

Wednesday, April 6, 2016

ssl blindspotWhen driving a car or riding a bicycle, one thing you’d have learnt is the need to look at blind spots whenever making a turn or changing lanes. The rationale behind checking blindspots is simple – to be wary of other vehicles or pedestrians in your nearby surroundings not noticeable in the first instance. Doing so prevents any unwanted collision or mishap. In encryption, the SSL protocol works the same way where end point connections are its blind spots for vulnerabilities not noticeable instantly.

What are SSL Endpoints?

To first understand endpoints, there is a need to explain what SSL/TLS does. SSL (Secure Socket Layer) and TLS (Transport Layer Security), where the latter is a newer protocol of the other, works to ensure an encrypted link is made between 2 endpoints. The endpoints exist (1) on the client’s end (2) on the servers end.

It is on the server’s end where you as an administrator will have full control of. Checking of endpoints (blindspots) would include disabling cipher suites and old protocols such as SSL 2.0 and 3.0 on the server control panel.

For full list on what protocols to disable, we recommend visiting DigiCert website:

https://www.digicert.com/cert-inspector-vulnerabilities.htm

Why Do So Regularly?

SSL/TLS encryption technology have been around for the past 20 years and it’s being constantly improved each day with the aim of improving encryption security. Each update leaves the old ones vulnerable and for that, there’s a need to check and disable them. Failing to do so can make your servers accessible to intruders if they were to make use of any SSL/TLS loophole.

It is recommended to carry out checks on SSL/TLS every half yearly and this can be done using a certificate inspector such as the DigiCert Certificate Inspector™, which is available for free.

Much like when you first started driving a car, checking for blind spots may not be an intuitive habit. But over time, with more work and practise done, SSL blind spot checking can be second nature to an IT administrator in charge of SSL/TLS implementation.

ashleeAbout Ashlee Ang

Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.

Share :    


Back to Blog