Britain's retail banks face an unprecedented threat from widely-used Web server software as computer hacking enters a new era, application switching specialist Radware has warned.
Microsoft's SSL (Secure Socket Layer) Web server software can be broken into rapidly by hackers, posing a particular risk to the large number banks using it for Internet banking systems, according to Radware. The risk is heightened when IT administrators fail to deploy SSL properly across their systems.
Hacking entered a new era with the SQL Slammer worm virus outbreak in January. SQL Servers were attacked rather than e-mail applications, which have previously been the targeted of worldwide viral campaign attempts. The disruption caused widespread unavailability of online banking and ATM facilities.
"Threats to network security will always evolve and become increasingly sophisticated," said Steve Edge, technical director for Radware in northern Europe. "The problem for UK banks is that hackers are turning their attentions to new entry routes, and SSL will be one of them.
The dilemma for banks and other organisations is that they are under growing pressure to provide faster network throughput as traffic volumes increase, yet also require greater security as a precaution against hacking attempts, which slows traffic down. It's a real Catch 22 problem, but Radware's application switching solutions offer an answer," he added.
Radware's CertainT 100 features SSL encryption/decryption capabilities, which ensure SSL security for fast, efficient and continuous application switching to facilitate online transactions without network degradation. This is achieved by relieving networked Web servers of performing the CPU intensive SSL encryption and decryption calculations associated with e-commerce applications.
"The SSL threat is more severe because IT administrators may not have installed the server software correctly, meaning hackers have a significant head start if they are wanting to break in. Banks should audit their SSL systems and consider how improvements can be made to their network architectures to ensure attempts on SSL are identified and blocked," added Edge.
"SSL is the most common way banks and financial institutions execute transactions over the Internet, yet traditional security tools are incapable of preventing SSL vulnerabilities," said Chris Christiansen, IDC vice president of security products and infrastructure software. "As a result, more and more banks today are deploying tools that inspect encrypted SSL content in order to provide reliable transaction security."
About Radware
Radware is dedicated to providing Intelligent Application Switching, guaranteeing the best operation and servicing of IP applications and enterprise traffic across the Internet. Radware aligns application needs with the network infrastructure to seamlessly allocate resources, optimize application operations and extend security, ensuring the integrity of critical business processes.
Radware's solutions address the needs of corporate enterprises, service providers, and e-commerce business through one or more of our award winning products including: Web Server Director (WSD), Cache Server Director (CSD), FireProof, LinkProof, Peer Director, CertainT 100. Our comprehensive suite of products service end-to-end application operations, providing robust and scalable network traffic assurance. For more information, please visit us at www.radware.com
This press release may contain forward-looking statements that are subject to risks and uncertainties. Factors that could cause actual results to differ materially from these forward-looking statements include, but are not limited to, general business conditions in the Internet traffic management industry, changes in demand for Internet traffic management products, the timing and amount or cancellation of orders and other risks detailed from time to time in Radware's filings with the Securities and Exchange Commission, including Radware's Form 20-F.