nanog mailing list archives
Re: Securing Greenfield Service Provider Clients
From: Matthias Luft via NANOG <nanog () nanog org>
Date: Fri, 9 Oct 2020 19:46:43 +0000
CJ,
On 09.10.20 15:09, Christopher J. Wolff wrote:
> Dear Nanog;
>
> Hope everyone is getting ready for a good weekend. I'm working on a greenfield service provider network and I'm running into a security challenge. I hope the great minds here can help.
>
> Since the majority of traffic is SSL/TLS, encrypted malicious content can pass through even an "NGFW" device without detection and classification.
>
> Without setting up SSL encrypt/decrypt through a MITM setup and handing certificates out to every client, is there any other software/hardware that can perform DPI and/or SSL analysis so I can prevent encrypted malicious content from being downloaded to my users?
>
> Have experience with Palo and Firepower but even these need the MITM approach. I appreciate any advice anyone can provide.
I think this most likely needs to develop into a bigger discussion, but TLS introspection will (and must, otherwise we would have big problems) rely on a MITM setup.
DNS- and reputation-based filtering was already mentioned; there is also this work on detecting malware aspects by TLS anomalies:
https://www.imperial.ac.uk/media/imperial-college/faculty-of-engineering/computing/public/1819-pg-projects/Detecting-Malware-in-TLS-Traf%EF%AC%81c.pdf
I'm not aware whether there are service provider network-grade tools for this available though.
Thanks, Matthias