If current trends continue, we will probably see encryption's use increase. However, the extensive use of encryption affects current conventional security methods in a very profound way, and this is something the security community must consider. Currently, we rely a great deal on security infrastructure such as proxy firewalls and network-based intrusion detection, tools that depend on being able to inspect the traffic passing through the network.

Proxy firewalls and network-based intrusion detection systems examine the actual contents of packets moving through them. If those contents are encrypted, then current network security infrastructure tools cannot inspect them. Malicious traffic could pass through all the best network security tools available, simply because it's encrypted and the tools have no way of knowing what it is.

A system using stacheldraht, one of the most dangerous distributed denial-of-service tools out there, communicates with its infected servers through an encrypted connection. Detecting it is hard for network security tools, as they must rely on detecting the unencrypted parts of stacheldraht's communication. Proxy firewalls can block dangerous attachments in email that may contain viruses, but if the email is encrypted, then the firewall offers no protection at all -- for that matter, neither do filters on the mail server.
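The attachment-filter blind spot described above, as an added example that is not part of the original article: a gateway-style filter that blocks by attachment extension, run over a plaintext message and over the same message wrapped in an encrypted envelope. The blocked-extension list, the opaque content types, and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumed policy values for this example (not from the article).
BLOCKED_EXTENSIONS = (".exe", ".scr", ".vbs", ".pif")
OPAQUE_TYPES = {"multipart/encrypted", "application/pkcs7-mime",
                "application/x-pkcs7-mime"}

def inspect_message(raw):
    """Return 'block', 'uninspectable' or 'allow' for one raw message."""
    opaque = False
    for part in message_from_string(raw).walk():
        if part.get_content_type() in OPAQUE_TYPES:
            opaque = True  # envelope the filter cannot open: inner names are invisible
            continue
        name = part.get_filename()
        if name and name.lower().endswith(BLOCKED_EXTENSIONS):
            return "block"
    # Report the blind spot instead of treating "nothing found" as clean.
    return "uninspectable" if opaque else "allow"

HEAD = "From: a@example.test\nTo: b@example.test\nMIME-Version: 1.0\n"

# Constructed sample: plaintext MIME with an executable attachment.
PLAIN = HEAD + """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.exe"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--b1--
"""

# Constructed sample: the same mail as an S/MIME envelope (placeholder body).
ENCRYPTED = HEAD + """\
Content-Type: application/pkcs7-mime; smime-type=enveloped-data
Content-Disposition: attachment; filename="smime.p7m"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
"""

if __name__ == "__main__":
    print(inspect_message(PLAIN), inspect_message(ENCRYPTED))
```

Returning a distinct `uninspectable` verdict lets the gateway log or quarantine mail it could not examine, rather than recording it as clean.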

The link for this article located at IT World is no longer available.