Does SSL Prevent Malicious Server Attacks?

Secure Sockets Layer (SSL) can mitigate some malicious response attacks. If the client uses SSL and checks that the server's SSL certificate is valid (it was issued by a trusted certificate authority (CA), it has not expired, the name of the server to which the client has connected matches the name on the certificate, the certificate has not been revoked, and so forth), MITM attacks, DNS control and/or poisoning, and socket hijacking attacks won't work. However, SSL doesn't stop attacks in which the attacker coerces a target to connect to an arbitrary server (the first case described earlier). Even if SSL is used to connect, an attacker can legitimately obtain an SSL certificate for malicious use.

Important

The target client is in trouble if MITM attacks, DNS control/poisoning, or socket hijacking can occur. Client applications should be written carefully to ensure that the client doesn't become compromised as a result of such attacks.

Also consider that a server that is normally trusted could be compromised. In this scenario, the attacker's data could be sent from the server over SSL. It is important to consider how much a client should trust a server.

For example, to mitigate a server compromise, programs that automatically download and install updates often check the signature of the update. To make it more difficult for an attacker to tamper with updates, the private key used to sign the updates should not reside on the server. Without a defense-in-depth measure like this, an attacker who compromises the update server would be able to install code on, and thereby compromise, any client that requests updates.


Hunting Security Bugs
ISBN: 073562187X
Year: 2004
Pages: 156