
Thursday, March 13, 2008

Applying Certificates to a WSUS Server

Many administrators tend to ignore the recommendation that WSUS be configured to use SSL encryption if the WSUS server is only servicing clients within the perimeter network. However, if SSL encryption is not used, a hacker could potentially steal the WSUS server’s identity and use the spoofed server to send malicious versions of patches to your clients. If you don’t like the idea of having a bunch of infected clients on your network, then check out this article on how to encrypt WSUS transactions.

If you have ever installed WSUS, you have probably noticed that the main WSUS Administrator screen gives you a warning if WSUS is not configured to use SSL encryption. I have talked to some people who believe that SSL encryption is not necessary if the WSUS server is not exposed to the Internet. After all, the server is a trusted member of your network and is maintained by the administrative staff, so there is no need for SSL if it is not servicing external clients, right?

If you stop and think about it, it does seem a bit silly to encrypt security patch downloads. The reason Microsoft recommends using SSL with WSUS doesn’t really have anything to do with encryption, though. It has more to do with integrity. SSL is certificate based. When a client connects to a WSUS server (or to any other type of Web server, for that matter) and requests SSL, the server uses its certificate to set up the encrypted connection. More importantly in this case, the certificate proves the server’s identity, and SSL also ensures that the data has not been modified in transit.

So why is this important? Imagine for a moment that a hacker set up a WSUS server of their own. Let’s up the ante by saying that they modified all of the patches on the server so that they contained some really nasty malicious code. Once the hacker had set up the WSUS server, they could either change the host record on your DNS server to point to their malicious server, or they could use a malicious script, similar to what many spyware mechanisms use, to modify your workstations’ HOSTS files. The end result is that your clients think they are connecting to your WSUS server, when in reality they are connected to a malicious WSUS server that is now infecting all of the machines on your network with evil Trojans. On the other hand, if your WSUS server had been configured to use an SSL certificate, then the server’s identity could be checked each time a client requests a patch, and a server that cannot present a certificate trusted by the client for your WSUS server’s host name would be rejected.
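Here is a quick PowerShell check you can run on a client to confirm it is getting the protection described above. This is an added example, not part of the original post or anything shipped with WSUS; it assumes the standard WSUS client policy value (WUServer under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate) and that the client can reach the WSUS server. It performs the same two checks the Windows Update client relies on: that the configured URL is HTTPS, and that the name in the URL resolves to a server presenting a certificate that chains to a trusted root and matches that name.

```powershell
# Added example (not from the original post): verify that this client is pointed at an
# HTTPS WSUS URL and that whatever answers at that name presents a trusted certificate.
# Assumes the standard WUServer policy value and network access to the WSUS server.

function Test-WsusServerIdentity {
    param([string]$WsusUrl)

    $uri = [Uri]$WsusUrl
    if ($uri.Scheme -ne 'https') {
        return "FAIL: WSUS URL '$WsusUrl' is not HTTPS; clients cannot verify the server's identity"
    }

    $client = $null
    $ssl = $null
    try {
        $client = New-Object System.Net.Sockets.TcpClient($uri.Host, $uri.Port)
        # SslStream with the default validation callback rejects a certificate that does not
        # chain to a trusted root or whose name does not match $uri.Host. That is exactly
        # what defeats a DNS or HOSTS redirection to an impostor WSUS server.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($uri.Host)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        return "OK: $($uri.Host) presented a trusted certificate, subject '$($cert.Subject)', issuer '$($cert.Issuer)', expires $($cert.NotAfter)"
    }
    catch [System.Security.Authentication.AuthenticationException] {
        return "FAIL: certificate presented by $($uri.Host) was rejected: $($_.Exception.Message)"
    }
    catch {
        return "FAIL: could not complete an SSL handshake with $($uri.Host):$($uri.Port): $($_.Exception.Message)"
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        if ($client) { $client.Close() }
    }
}

# Read the WSUS URL this client has been given through Group Policy.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wuServer = (Get-ItemProperty -Path $policyKey -Name WUServer -ErrorAction SilentlyContinue).WUServer
if (-not $wuServer) {
    Write-Output "No WUServer policy found under $policyKey; this client is not pointed at a WSUS server."
}
else {
    Write-Output (Test-WsusServerIdentity -WsusUrl $wuServer)
}
```

If the URL is HTTP, or the handshake fails with a name mismatch or untrusted root, the client has no way to tell your WSUS server from an impostor, which is the situation the paragraph above warns about.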
