SSL Decryption

SSL Decryption - Why?

SSL traffic has been around for some time now. It is an industry standard for transmitting secure data over the Internet. We all know that if we see a valid HTTPS session, we are safe to input sensitive data (e.g. Credit Card Numbers, SSN etc.) for online purchases, banking etc. Legacy stateful firewalls had no means of inspecting encrypted traffic flows. While security technology has improved and visibility has been gained by Engineers to better determine what traffic is traversing their network, the threat landscape has also adapted and threats can now be hidden in encrypted traffic flows rendering them undetectable as they pass from the Internet into the private network. While threats contained within encrypted channels are real, some would argue that these threats remain relatively small and do not warrant decryption and scanning as a best practice. However, each environment and need is different, assess your need and decide if decryption and scanning is the way to go.

When enabled, SSL Decryption enables SSL encrypted traffic to be decrypted, inspected for threats, re-encrypted and then sent on to its destination. 

There are a few scenarios for implementing SSL Decryption:

  • Inbound: Say you have some webservers in the DMZ that service executable files. We can configure the SSL Decryption appliance to essentially act as a man-in-the-middle, accept the connection on behalf of the webserver/s to verify the sources identity and integrity.
  • Outbound: As is the same with Inbound, the SSL Decryption appliance will serve as "man-in-the-middle" for HTTPS requests originating from Inside (e.g. Users), the appliance will intercept the HTTPS request, decrypt, insert itself as the source using its identity and then passes the request on to the destination.

Most of us will come across SSL Decryption while working on NGFW hardware. I have deployed SSL Decryption on both Cisco and Palo Alto Networks hardware and am happy to share the process with you. You can find a step-by-step howto guide to achieving SSL Decryption for each vendor below: 

Comments

  1. Sourav showSeptember 4, 2021 at 10:31 PM

    nice thought. Microsoft 365 consulting services Wisconsin

    ReplyDelete
  2. UnknownSeptember 9, 2021 at 5:22 AM

    Thanks for sharing this nice information with us. I have gone through whole article and get lots of information.

    Let's stop the bad guys before they stop you. Learn more about the benefits of using Your IT Company for Cybersecurity services and protection. Keep up with the latest laws, escape hefty penalties, and stay safe from security breaches and customer threats by working with our highly skilled IT security team.

    ReplyDelete

Post a Comment

Popular posts from this blog

SSL Decryption with Palo Alto NGFW

Image
Palo Alto Networks Firewall v8.0.4 SSL Decryption Policy This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft). 1. Go to the Device Tab->Certficates. Lets import our CA certificate from the Microsoft Internal CA Server (e.g. http://x.x.x.x/certsrv). Click "Download a CA certificate, certificate chain, or CRL", choose Base64 and click "Download CA Certificate". Save this to an accessible location (e.g. Desktop) so it can be imported into the PAN-FW. 2. Back in the PAN GUI, import the CA cert and give it a comprehensive name (Note: You would click "Shared" if configuring this via Panorama and if you would like this cert to be used by multiple device/s. In this instance, we are configuring on a single local Firewall). Click ok!   Note: Click on the new Domain-RootCA cert, put a check mark next to "Trusted CA" and click ok! You will now see this reflected under the "
Read more

SSL Decryption with Cisco Firepower Management Center

Image
Cisco Firepower Management Center v6.2  SSL Decryption Policy This walk-through assumes you have an internal CA server in your production environment (e.g. Microsoft). 1. Login to Firepower Management Center (FPMC), go to Objects->Object Management->PKI->Internal CA's and click "Generate CA"  2. Fill out each field according to your FPMC setup and click on "Generate CSR" 3. Copy the encrypted information from the certificate signing request, this can also be referred to as a base64 or .pem request. Now open a browser and access your internal certificate server and request a certificate. 4. Click on "Request a certificate", then click on "advanced certificate request" 5. Paste the content of the clipboard to the text box, Certificate Template should be selected as "Subordi
Read more

Cisco Firepower Management Center v6.2 - Reference Guide

Image
Firepower Management Center v6.2 Reference Guide While I have delivered Cisco Firepower to customers over the last several years, I always prefer that my customers are engaged and shadowing me as I install, configure, and tune Firepower. I am more than happy to explain as I go along however after Firepower is up and running I like to leave my customers with a reference guide that can help them better understand their new best of class NGIPS solution. I would like to share with you an example of this reference guide and I hope that it helps you better understand some partcular features or functions within Firepower Management Center, in this case v6.2. Once we understand the underlying features and functions, we can better configure and thereby tune the NGIPS so we can achieve the highly touted efficacy of the product in terms of detecting and preventing threats! Lets start at the beginning: Initial Configuration Steps - Definitions and HowTo Network Discovery Polic
Read more