Educause Security Discussion mailing list archives
Re: Inspecting encrypted traffic
From: Mark Borrie <mark.borrie () OTAGO AC NZ>
Date: Thu, 21 Jan 2016 11:49:03 +1300
Hi John

We implemented a NGFW solution a few years ago and thought that content inspection for malware would be a nice add-on. The reality then was that we didn't find much in the mostly HTTP traffic. Possibly this is due to the nature of malware being served via the web. Anyway, we gave up on it and have focused on endpoint malware detection.
Another issue with content inspection is the looming issue with multipath TCP. We essentially will not get all the relevant packets to reassemble and inspect, so again it is going to go into the too-hard basket.
Mark

On 20/01/2016 7:53 a.m., John LaPrad wrote:

Hello all,

I'm looking into the possibility of decrypting and inspecting encrypted traffic to and from the Internet for viruses, malware, etc. Is anyone doing this? We have Palo Alto firewalls and they support decryption, inspection, re-encryption. I'm concerned about privacy issues, could it impact compliance in any way, user acceptance.

I appreciate any feedback. Thanks in advance for your time;

John LaPrad
Manager of Technical Services
Saginaw Valley State University
Phone: 989-964-7134
jrl () svsu edu
--
Mark Borrie
Information Security Manager, Information Technology Services,
University of Otago, Dunedin 9054, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-8813
Email: mark.borrie () otago ac nz