Council Surveys QSAs on SSL

Thursday, February 19, 2015

PCI Guru

This message popped into my inbox late yesterday.

[Image: 20150217-PCISSCemailMsg]

The survey in question contains the following questions.

[Image: 20150217-PCISSCSurvey]

All of my clients have gotten rid of SSL on their public-facing Web sites.

The dilemma we have is that while SSL is dead, it is baked into so many products and appliances. My clients are therefore stuck with appliances and software products that have SSL hard-coded into them. As a result, they will be dependent on their vendors to convert to TLS.

That said, what is the risk of using SSL internally?  Not a good practice, but truthfully, what is the risk?

In my opinion, using SSL internally for the next 12 to 24 months would not be the end of the world as long as it does not become a significant attack vector.

It will be interesting to hear the results of this survey.

This was cross-posted from the PCI Guru blog. 
