Spoofing Server-Server Communication: How You Can Prevent It

April 11, 2012

Advances in attacks on network security over the last few years have led to many
high-profile compromises of enterprise networks and breaches of data security.
A new attack is threatening to expand the potential for attackers to compromise
enterprise servers and the critical data on them. Solutions are available, and they
will require action by company officers and administrators.

“SSLStrip” and related attacks were among the highlights of the July 2009
Black Hat show in Las Vegas. Researcher Moxie Marlinspike combined a number
of discrete problems, not all related to SSL, to create a credible scenario in which
users attempting to work with secure websites were instead sent to malicious
fake sites. One of the core problems described by Marlinspike is the ability to
embed null characters in the common name field of a certificate, designating a
domain name. This can be used to trick software, web browsers for example, into
recognizing a domain name different from the complete field name. The result
is that software, and users, are misled as to the actual domain with which they
are communicating.
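The name-matching defect described above, shown beside a hardened check. This is an added example, not code from the white paper; the struct, function names and host names are hypothetical, and names are assumed to be lower-cased before comparison.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as decoded from ASN.1: bytes plus an explicit length.
   The declared length, not a terminating NUL, marks the end of the field. */
struct cert_name {
    const char *data;
    size_t len;
};

/* Vulnerable: treats the field as a C string, so the comparison stops at
   the first NUL and everything after it is silently ignored. */
int naive_name_matches(const struct cert_name *cn, const char *expected_host)
{
    return strcmp(cn->data, expected_host) == 0;
}

/* Hardened: refuse any name with an embedded NUL, then compare over the
   full declared length of the field. */
int strict_name_matches(const struct cert_name *cn, const char *expected_host)
{
    size_t host_len = strlen(expected_host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;                 /* embedded NUL: malformed, reject */
    if (cn->len != host_len)
        return 0;                 /* lengths must agree exactly */
    return memcmp(cn->data, expected_host, host_len) == 0;
}

/* Constructed sample fields, not taken from any real certificate. */
static const char SPOOFED[] = "payments.internal.example\0.untrusted.example";
static const char HONEST[]  = "payments.internal.example";

const struct cert_name spoofed_cn = { SPOOFED, sizeof(SPOOFED) - 1 };
const struct cert_name honest_cn  = { HONEST,  sizeof(HONEST)  - 1 };

int main(void)
{
    const char *peer = "payments.internal.example";  /* host the server expects */

    printf("naive,  spoofed: %d\n", naive_name_matches(&spoofed_cn, peer));
    printf("strict, spoofed: %d\n", strict_name_matches(&spoofed_cn, peer));
    printf("strict, honest:  %d\n", strict_name_matches(&honest_cn, peer));
    return 0;
}
```

In a server-server client there is no user to notice a mismatch, so the strict check has to run in the code path that accepts the peer certificate.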

SSLStrip has not lacked for press coverage, but the analysis has focused on the
consumer or end user with a browser. The use of SSL in embedded applications,
including server-server communications, presents an even more ominous
scenario. This is because an SSLStrip attack could be used against server-server
communications with the potential for mass-compromise of confidential data.

This spoofing problem is solved by proper use of Extended Validation (EV) SSL
certificates for authentication. Moving certificate-based enterprise authentication
to EV SSL would therefore protect an organization against this form of attack.
