nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Securing Greenfield Service Provider Clients

From: Baldur Norddahl <baldur.norddahl () gmail com>
Date: Fri, 9 Oct 2020 22:36:32 +0200
Are you really suggesting decrypting customer traffic? In most parts of the
world that act falls in one of two categories: it is either required by law
or it is illegal.

Offer your customers a good virus scanner to install instead.

Regards

Baldur


fre. 9. okt. 2020 21.27 skrev Christopher J. Wolff <cjwolff () nola gov>:


Dear Nanog;



Hope everyone is getting ready for a good weekend.  I’m working on a
greenfield service provider network and I’m running into a security
challenge.  I hope the great minds here can help.



Since the majority of traffic is SSL/TLS, encrypted malicious content can
pass through even an “NGFW” device without detection and classification.



Without setting up SSL encrypt/decrypt through a MITM setup and handing
certificates out to every client, is there any other software/hardware that
can perform DPI and/or ssl analysis so I can prevent encrypted malicious
content from being downloaded to my users?



Have experience with Palo and Firepower but even these need the MITM
approach.  I appreciate any advice anyone can provide.



Best,

CJ
Previous By Date Next
Previous By Thread Next

Current thread: