Despite the fact that SSL is an encryption protocol, a security measure designed to hide and protect the traffic between the user and the web server, it cannot serve as a guarantor of security. Even with SSL available, experienced hackers can listen to and analyze traffic, and eventually steal confidential information through attacks “man in the middle”, or similar methods.
However, the average users still prefer to buy goods on the websites with SSL-certificates, certified by Symantec or other equally authority. Consider the mechanism of the secure SSL protocol, to realize that it is not completely safe and is intended, rather, to increase user confidence. Primarily, SSL different from SSH.
System administrators use SSH for secure access to remote services through Telnet. Typically, Telnet uses port 23. When traffic is encrypted via SSH, firewall or router, Telnet uses port 22. The same can be said for FTP. FTP in the normal state uses port 20 and 21. FTP with SSH uses port 22. As with SSH, SSL encrypts traffic. However, both encryption protocol will not use the same port 22. When the encrypted HTTP, SSL uses ports 443 and 636.
Researchers in the field of security is recommended to use TLS instead of SSL, when it comes to traffic encryption. SSL, in the case of TCP / IP, operates at the application layer (application layer protocol) to provide a secure connection between the user browser and the web server. The browser communicates with the two common methods of HTTP web server – GET and POST.
The three main tasks of SSL
SSL three main objectives are: confidentiality, integrity and authentication. For example, a typical scenario – you want to buy a book online and in the buying process you will be forced to pass confidential information (eg credit card number) via the POST method the web server.
Naturally, you want to be sure that this information will not fall into the hands of third parties. That kind of confidence is to provide SSL.
Why SSL is not the guarantor of full security
In cyberspace, there are different ways to attack. Attackers can bypass SSL by using the following methods to calculate the session ID, pick up the ID using brute force, using attack Reflected File Download, or other ways. Attack Reflected File Download allows an attacker to load a malicious file on a victim’s computer by using a trusted domain, such as google.com or Bing.com. The danger is that users perceive these domains as credible and do not feel the danger. Once the user downloads the file (either PDF or EXE-file), the attacker’s task is completed, the control over a victim’s computer received.
The first step: the user is on a malicious link to google.com or bing.com.
The second step: the user downloads a malicious executable file on a trusted domain. All security measures, such as the SSL-certificate in accordance with the procedure and the user thinks that the .exe file is located on a trusted web server.
The third step: the user runs the file containing malicious code, and the attacker gains complete control over the victim’s computer. Therefore, SSL availability (though it is recommended by security experts) is not a complete guarantee of security. As we have seen, the attack Reflected File Download easily bypass such measures.