SSL Decryption
SSL Decryption - Why?
SSL traffic has been around for some time now. It is an industry standard for transmitting secure data over the Internet. We all know that if we see a valid HTTPS session, we are safe to input sensitive data (e.g. Credit Card Numbers, SSN etc.) for online purchases, banking etc. Legacy stateful firewalls had no means of inspecting encrypted traffic flows. While security technology has improved and visibility has been gained by Engineers to better determine what traffic is traversing their network, the threat landscape has also adapted and threats can now be hidden in encrypted traffic flows rendering them undetectable as they pass from the Internet into the private network. While threats contained within encrypted channels are real, some would argue that these threats remain relatively small and do not warrant decryption and scanning as a best practice. However, each environment and need is different, assess your need and decide if decryption and scanning is the way to go.
When enabled, SSL Decryption enables SSL encrypted traffic to be decrypted, inspected for threats, re-encrypted and then sent on to its destination.
There are a few scenarios for implementing SSL Decryption:
- Inbound: Say you have some webservers in the DMZ that service executable files. We can configure the SSL Decryption appliance to essentially act as a man-in-the-middle, accept the connection on behalf of the webserver/s to verify the sources identity and integrity.
- Outbound: As is the same with Inbound, the SSL Decryption appliance will serve as "man-in-the-middle" for HTTPS requests originating from Inside (e.g. Users), the appliance will intercept the HTTPS request, decrypt, insert itself as the source using its identity and then passes the request on to the destination.
Most of us will come across SSL Decryption while working on NGFW hardware. I have deployed SSL Decryption on both Cisco and Palo Alto Networks hardware and am happy to share the process with you. You can find a step-by-step howto guide to achieving SSL Decryption for each vendor below:
nice thought. Microsoft 365 consulting services Wisconsin
ReplyDeleteThanks for sharing this nice information with us. I have gone through whole article and get lots of information.
ReplyDeleteLet's stop the bad guys before they stop you. Learn more about the benefits of using Your IT Company for Cybersecurity services and protection. Keep up with the latest laws, escape hefty penalties, and stay safe from security breaches and customer threats by working with our highly skilled IT security team.