Pressure piles up over speedy but secure traffic

02 Apr 2001


Pressure to increase site performance tempts network managers to speed up secured transactions, but configuration issues could turn this action into an invitation to hackers.

Paddy McManus, general manager of internet traffic management company Radware UK, said the growth of ecommerce means that vast amounts of valuable information now pass through the public infrastructure of the internet.


"Network managers are in a Catch-22 situation. Internet users expect high levels of security but will not tolerate a reduction in website efficiency or transaction speed," he said. "With an SSL accelerator, website security does not sacrifice performance."

Critics question the safety of secure socket layer (SSL) accelerators or caches detached from the web server, saying that if used incorrectly on the network, they could impair site security.

Radware recently released an SSL accelerator, CertainT 100. According to the company, it speeds up online secured transactions while maintaining the safety of SSL. The product offloads SSL sessions from the web server and sends up to 20,000 transactions per second encrypted and decrypted back to the server.

Brian Gladman, security expert and former technical director at NATO, argued that an SSL accelerator sitting directly on the web server could be fairly safe. However, if the accelerator was a separate cache or appliance, security would depend on the configuration of the network around it.

Gladman said: "Security can never be 100 per cent and a judgement must be made between the value of increased performance and risk added. Using it properly requires expertise, and some companies going into ecommerce may lack this."

Nick Bond, technical manager at Radware, admitted that there are two areas of security risk with SSL accelerators. The first is that traffic between accelerator and destination server is unencrypted, though it can contain sensitive information. The second is that information on the server, which is in plain HTML, could theoretically be accessed from a source other than the SSL accelerator path.

Bond suggested the use of SSL accelerators in series with the destination server, so that traffic can only reach servers via the accelerator. "This solves the second problem and reduces the first, but is not the most flexible of implementations," he said.

This is only a solution if servers are dedicated to supporting the secure protocol. Other connections, bypassing the SSL accelerator, could undermine the system's security.

Companies need a mixture of secure and insecure servers. This is not a problem for large organisations, but is unfeasible for smaller ones.

"Splitting the traffic is okay, provided the server behind the SSL accelerator is dedicated and only has connections that pass the accelerator," explained Gladman.

HOW TO REDUCE THE RISKS

  • To protect unencrypted traffic, network managers should place the accelerator and web server director (WSD) close to the destination servers, preferably in a less public part of the network. Although this reduces risk, it is not a real fix.

  • To ensure plain HTML data on the unprotected server can only be reached via the SSL accelerator, network managers should use a WSD to secure the site. It intercepts traffic and sends https traffic to the accelerator, while other traffic is load balanced across the server farm. "A combination of these methods can reduce the risk," Radware's Bond said.
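The "in series" layout above only holds if the firewall policy actually prevents anything but the accelerator from reaching the plain-HTML backend. The following is an added illustration, not Radware code or configuration: a small first-match policy evaluator and an audit that checks one dedicated backend against the two risks Bond describes, using constructed addresses and a constructed rule format (all assumptions).

```python
"""Audit a first-match firewall policy for the 'SSL accelerator in series' layout.

Constructed sample (assumption): the accelerator terminates SSL, the dedicated
backend serves plain content on port 80 and must accept it ONLY from the
accelerator; a separate public farm may be reached directly on port 80.
"""
import ipaddress

# Constructed addresses (assumptions, not from any real deployment).
ACCELERATOR = "10.0.1.10"      # SSL accelerator, reachable from the internet on 443
SECURE_BACKEND = "10.0.2.20"   # dedicated backend holding the plain HTML

# First-match policy: (source CIDR, destination CIDR, port, action); port 0 = any.
# The last rule is the default deny.
POLICY = [
    ("10.0.1.10/32", "10.0.2.20/32", 80, "allow"),   # accelerator -> backend, plaintext
    ("0.0.0.0/0",    "10.0.1.10/32", 443, "allow"),  # internet -> accelerator, https
    ("0.0.0.0/0",    "10.0.3.0/24",  80, "allow"),   # internet -> public (non-SSL) farm
    ("0.0.0.0/0",    "0.0.0.0/0",    0,  "deny"),
]


def evaluate(policy, src, dst, port):
    """Return the action of the first rule matching (src, dst, port)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, rule_port, action in policy:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and rule_port in (0, port)):
            return action
    return "deny"  # no rule matched: treat as denied


def audit_backend(policy, backend, accelerator, port=80,
                  other_sources=("203.0.113.5", "10.0.3.7", "10.0.2.21")):
    """List violations of the in-series rule for one dedicated backend.

    The backend must accept plaintext from the accelerator (or the site is
    down) and from no other source (or the accelerator can be bypassed and
    the unencrypted content read directly).  other_sources are constructed
    samples: an internet host, a public-farm host, a neighbouring backend.
    """
    problems = []
    if evaluate(policy, accelerator, backend, port) != "allow":
        problems.append(f"accelerator {accelerator} cannot reach {backend}:{port}")
    for src in other_sources:
        if evaluate(policy, src, backend, port) == "allow":
            problems.append(f"{src} bypasses the accelerator to {backend}:{port}")
    return problems
```

Running `audit_backend(POLICY, SECURE_BACKEND, ACCELERATOR)` on the sample policy returns no problems; widening the first rule's source to a whole subnet or to 0.0.0.0/0 makes the audit report each sample source that can now reach the plaintext port directly.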
