Educause Security Discussion mailing list archives

Re: Inspecting encrypted traffic


From: Mark Borrie <mark.borrie () OTAGO AC NZ>
Date: Thu, 21 Jan 2016 11:49:03 +1300

Hi John

We implemented a NGFW solution a few years ago and thought that content inspection for malware would be a nice add-on. The reality then was that we didn't find much in the mostly http traffic. Possibly this is due to the nature of malware being served via the web. Anyway, we gave up on it and have focused on endpoint malware detection.

Another issue with content inspection is the looming issue with multipath TCP. We essentially will not get all the relevant packets to reassemble and inspect, so again it is going to go into the too-hard basket.

Mark

On 20/01/2016 7:53 a.m., John LaPrad wrote:
Hello all,

I'm looking into the possibility of decrypting and inspecting encrypted traffic to and from the Internet for viruses, malware, etc. Is anyone doing this? We have Palo Alto firewalls and they support decryption, inspection, and re-encryption. I'm concerned about privacy issues, whether it could impact compliance in any way, and user acceptance.
I appreciate any feedback.

Thanks in advance for your time;

John LaPrad
Manager of Technical Services
Saginaw Valley State University
Phone: 989-964-7134
jrl () svsu edu


--
Mark Borrie
Information Security Manager,
Information Technology Services, University of Otago,
Dunedin 9054, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-8813
Email: mark.borrie () otago ac nz
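The multipath TCP point Mark raises above can be shown concretely. The following is an added example, not code from either poster or from any firewall vendor: it models a connection-level byte stream being carried over two MPTCP subflows (segment-to-subflow assignment is simplified to round-robin; real schedulers are path-dependent), then compares what an inspector reconstructs when it sees every subflow against what it gets from one subflow alone, or from plain TCP-level reassembly of that subflow. The marker string and the stream contents are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set

# Constructed byte pattern standing in for a content-inspection signature.
CONSTRUCTED_MARKER = b"MALWARE-MARKER-CONSTRUCTED"


@dataclass(frozen=True)
class Segment:
    """One TCP segment on one subflow, tagged with its MPTCP data-sequence offset."""
    subflow: int
    dss_offset: int   # position of this payload in the connection-level stream
    payload: bytes


def build_stream() -> bytes:
    """Constructed connection-level stream: a request followed by the marker."""
    return b"GET /file HTTP/1.1\r\n\r\n" + b"A" * 11 + CONSTRUCTED_MARKER + b"B" * 13


def split_over_subflows(data: bytes, n_subflows: int, chunk: int) -> List[Segment]:
    """Carve the stream into segments and spread them round-robin over subflows.
    (Simplification: a real MPTCP scheduler picks subflows by path conditions.)"""
    segments = []
    for i, off in enumerate(range(0, len(data), chunk)):
        segments.append(Segment(i % n_subflows, off, data[off:off + chunk]))
    return segments


def reassemble_by_dss(segments: Iterable[Segment], visible: Set[int]):
    """DSS-aware reassembly: place every segment from a visible subflow at its
    data-sequence offset. Returns (bytes, complete) where gaps are zero-filled."""
    segments = list(segments)
    total = max((s.dss_offset + len(s.payload) for s in segments), default=0)
    buf, covered = bytearray(total), bytearray(total)
    for s in segments:
        if s.subflow in visible:
            end = s.dss_offset + len(s.payload)
            buf[s.dss_offset:end] = s.payload
            covered[s.dss_offset:end] = b"\x01" * len(s.payload)
    return bytes(buf), all(covered)


def subflow_tcp_view(segments: Iterable[Segment], subflow: int) -> bytes:
    """What an ordinary TCP stream reassembler sees on a single subflow:
    that subflow's payloads in arrival order, with no knowledge of DSS gaps."""
    return b"".join(s.payload for s in segments if s.subflow == subflow)


def inspect(visible: Set[int], n_subflows: int = 2, chunk: int = 8) -> dict:
    """Run signature matching over the DSS reassembly of the visible subflows
    and over the plain TCP view of each visible subflow on its own."""
    segments = split_over_subflows(build_stream(), n_subflows, chunk)
    data, complete = reassemble_by_dss(segments, visible)
    per_subflow_hits = {
        sf: CONSTRUCTED_MARKER in subflow_tcp_view(segments, sf) for sf in visible
    }
    return {
        "complete": complete,
        "dss_match": CONSTRUCTED_MARKER in data,
        "tcp_view_match": per_subflow_hits,
    }


if __name__ == "__main__":
    print("all subflows visible:", inspect({0, 1}))
    print("only subflow 0 visible:", inspect({0}))
```

With both subflows in view the DSS-aware reassembly is complete and the marker matches; with one subflow the reconstruction has gaps and neither the DSS view nor the per-subflow TCP view contains the marker, which is the reassembly problem the message describes. A practical mitigation on the inspection side is to prevent the split rather than chase it, e.g. stripping the MP_CAPABLE option at the edge so connections fall back to single-path TCP, which keeps the whole stream on one path the inspector sees.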
