Chapter 5: SSH Shortcomings > Solutions Fast Track - Pg. 105

Summary

SSL is gaining favor as a secure method of communication. The protocol might be secure, but no protocol exists by itself, and forgetting this gives IT professionals a false sense of security while using SSL. Social engineering attacks against the ends of the protocol have been shown to compromise SSL. Failure by most companies to understand SE compromise, or to protect their staff and customers from it, exacerbates the problem and makes social engineering attacks more successful. Most companies have no method of tracking attacks, no policies or procedures covering SE, and little staff or customer training.

Compromising SSL by use of key loggers or Trojans placed by social engineering is getting easier. New computer Trojans that load before SSL and capture all information should cause concern for anyone who uses SSL and wants to keep it secure.

Two main defenses exist against the SE attack on SSL. The first is training for anyone using the protocol. This includes customers, staff, management, and IT personnel. They should be able to recognize the signs of an SE attack. The second is policies and procedures that include specifics on how to deal with requests for information.

Just as external-facing computers should be hardened before they are connected to the Internet, so should your exterior-facing staff be hardened against SE attacks. When you make it harder to attack the hardware and software, the only threat vector left is you and the staff.