Educause Security Discussion mailing list archives
Re: Inspecting encrypted traffic
From: Jim Cheetham <jim.cheetham () OTAGO AC NZ>
Date: Wed, 20 Jan 2016 10:24:25 +1300
Excerpts from John LaPrad's message of 2016-01-20 07:53:24 +1300:
> I'm looking into the possibility of decrypting and inspecting encrypted traffic to and from the Internet for viruses, malware etc. Is anyone doing this? We have Palo Alto firewalls and they support decryption, inspection, re-encryption. I'm concerned about privacy issues, could it impact compliance in any way, user acceptance. I appreciate any feedback.

I'd push back on technical issues; it's effectively impossible to inspect all traffic, and each year the amount of un-inspectable traffic will rise, often sharply.

Just because a vendor says they can "decrypt traffic" doesn't mean that they are correct. Have them tell you what traffic they can't decrypt :-) Have them tell you what applications won't work when they deploy their interception.

MITM is an attack, not a service.

So, if you accept that content inspection itself isn't going to work, look at other technologies like site reputation, DNS query analysis and of course end-point security/AV.

--
Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z.
✉ jim.cheetham () otago ac nz
☏ +64 3 470 4670 ☏ m +64 21 279 4670
⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605