Log in now, if already a member, to download.
'Spoofing Server-Server Communication: How You Can Prevent It'
Advances in attacks on network security over the last few years have led to many
high-profile compromises of enterprise networks and breaches of data security.
A new attack is threatening to expand the potential for attackers to compromise
enterprise servers and the critical data on them. Solutions are available, and they
will require action by company officers and administrators.
“SSLStrip” and related attacks1 were among the highlights of the July 2009 Black Hat show in Las Vegas2. Researcher Moxie Marlinspike3 combined a number of discrete problems, not all related to SSL, to create a credible scenario in which users attempting to work with secure web sites were instead sent to malicious fake sites. One of the core problems described by Marlinspike is the ability to embed null characters in the common name field of a certificate, designating a domain name. This can be used to trick software, web browsers for example, into recognising a domain name different from the complete field name. The result is that software, and users, are misled as to the actual domain with which they are communicating.

SSLStrip has not lacked for press coverage, but the analysis has focused on the consumer or end user with a browser. The use of SSL in embedded applications, including server-server communications, presents an even more ominous scenario. This is because SSLStrip attack could be used against server‑server communications with the potential for mass-compromise of confidential data.

This spoofing problem is solved by proper use of Extended Validation (EV) SSL certificates for authentication. Moving certificate-based enterprise authentication to EV SSL would therefore protect an organisation against this form of attack.