National Cyber Alert
This is a National Cyber Alert! All systems behind a Hypertext Transfer Protocol Secure (HTTPS) interception product are potentially affected.
Detecting Malware that Uses HTTPS:
As of 8:40am 3/16/2017, Homeland Security released a statement titled TA17-075A: HTTPS Interception Weakens TLS Security.
This is what is being reported concerning this National Cyber Alert:
“A recent report, The Security Impact of HTTPS Interception , highlighted several security concerns with HTTPS inspection products and outlined survey results of these issues. Many HTTPS inspection products do not properly verify the certificate chain of the server before re-encrypting and forwarding client data, allowing the possibility of a MiTM attack. Furthermore, certificate-chain verification errors are infrequently forwarded to the client, leading a client to believe that operations were performed as intended with the correct server.” – Homeland Security
Contact CR-T to resolve and address these issues or with any questions relating to this matter.