nanog mailing list archives
Securing Greenfield Service Provider Clients
From: "Christopher J. Wolff" <cjwolff () nola gov>
Date: Fri, 9 Oct 2020 19:09:45 +0000
Dear Nanog; Hope everyone is getting ready for a good weekend. I'm working on a greenfield service provider network and I'm running into a security challenge. I hope the great minds here can help. Since the majority of traffic is SSL/TLS, encrypted malicious content can pass through even an "NGFW" device without detection and classification. Without setting up SSL encrypt/decrypt through a MITM setup and handing certificates out to every client, is there any other software/hardware that can perform DPI and/or ssl analysis so I can prevent encrypted malicious content from being downloaded to my users? Have experience with Palo and Firepower but even these need the MITM approach. I appreciate any advice anyone can provide. Best, CJ
Current thread:
- Securing Greenfield Service Provider Clients Christopher J. Wolff (Oct 09)
- Re: Securing Greenfield Service Provider Clients Matt Harris (Oct 09)
- Re: Securing Greenfield Service Provider Clients Jared Geiger (Oct 09)
- RE: Securing Greenfield Service Provider Clients Kevin Burke (Oct 09)
- Re: Securing Greenfield Service Provider Clients Matthias Luft via NANOG (Oct 09)
- Re: Securing Greenfield Service Provider Clients Baldur Norddahl (Oct 09)
- Re: Securing Greenfield Service Provider Clients Curtis, Bruce via NANOG (Oct 09)
- Re: Securing Greenfield Service Provider Clients Christopher J. Wolff (Oct 10)
- Re: Securing Greenfield Service Provider Clients Ca By (Oct 10)
- Re: Securing Greenfield Service Provider Clients Curtis, Bruce via NANOG (Oct 11)
- Re: Securing Greenfield Service Provider Clients Randy Bush (Oct 10)
- Re: Securing Greenfield Service Provider Clients Christopher J. Wolff (Oct 10)