SSL, the most trusted protocol name among corporate clients and general users alike, seems to be on everybody's lips now. While some of us know the benefits of choosing SSL for a VPN over the alternatives, quite a lot of users simply go with the tide! The amusing result is that the SSL virtual private network has lots of myths surrounding it! Let us look at some of them and try to debunk them.
Myth 1: The exchange of sensitive resources through SSL is always secured
Those who trust SSL blindly often suffer from the wrong notion that it is the safest tunnel for transferring sensitive data to clients, net partners and datacenters. They consider an SSL virtual private network perennially immune to cyber threats. Unfortunately, this is nothing but a myth! A recent incident was reported in 2012, when millions of customers of a corporate entity, CitiGroup, suffered a hard blow from online trespassers while transferring their data via SSL! A group of researchers from Switzerland discovered that a popular technique for retrieving encrypted data transferred through an SSL channel was the manipulative exploitation of block ciphers like AES!
Myth 2: HTTP is the most trusted channel
Relying blindly on HTTP and believing it to be the safest channel of an SSL virtual private network is another myth. This is probably the fallacy that wreaked havoc on millions of CitiGroup clients! Most people are driven by the common misconception that a pipe connected directly to the network of an internet service provider is always safe, especially in combination with Windows anti-virus software and firewall protection. But the twist in the tale is that IPv6 assigns addresses which are supposedly all routable via the internet. This leaves the HTTP channel vulnerable to cyber threats if the firewall protection is not properly set up!
Myth 3: The certified two-way exchange between a client and a SOA web server is always secured
This is another myth. SSL authenticates the parties at either end of each channel, the SOA web servers and the users, by issuing certificates. These certifications are done by analyzing various cryptographic parameters like password, fingerprint, biometric identity, etc. In a situation where the public key can be tampered with to decrypt sensitive data, there is a high chance that the original data that was encrypted with the corresponding private keys has also been manipulated!
I am Frank Boyle, a research analyst. I often have to do a lot of research about various products and services. I write blog posts related to UK VPN.