nanog mailing list archives
RE: Securing Greenfield Service Provider Clients
From: Kevin Burke <kburke () burlingtontelecom com>
Date: Fri, 9 Oct 2020 20:09:13 +0000
Agreed, DNS/IP reputation is still about the best. Then move on with everything else we should be doing. Decrypting the content would bring us to the next problem. Malware is commonly encrypted to prevent AntiVirus from pattern matching or hash matching. Decrypting the content always struck me as something that is better suited for spotting exfiltration. Searching for known clear text similar to “FBI Classified” or a watermark in documents sounded like an attainable goal from SSL decryption.

Kevin Burke
802-540-0979
Burlington Telecom
200 Church St, Burlington, VT

From: NANOG <nanog-bounces+kburke=burlingtontelecom.com () nanog org> On Behalf Of Jared Geiger
Sent: Friday, October 9, 2020 3:45 PM
To: nanog () nanog org
Subject: Re: Securing Greenfield Service Provider Clients

WARNING!! This message originated from an External Source. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email.

DNS filtering might be an easier option to get most of the bad stuff with services like 9.9.9.9 and 1.1.1.2. Paid options like dnsfilter.com will give you better control. Cloudflare Gateway might also be an option.

On Fri, Oct 9, 2020 at 12:29 PM Christopher J. Wolff <cjwolff () nola gov> wrote:

Dear Nanog;

Hope everyone is getting ready for a good weekend. I’m working on a greenfield service provider network and I’m running into a security challenge. I hope the great minds here can help.

Since the majority of traffic is SSL/TLS, encrypted malicious content can pass through even an “NGFW” device without detection and classification. Without setting up SSL encrypt/decrypt through a MITM setup and handing certificates out to every client, is there any other software/hardware that can perform DPI and/or SSL analysis so I can prevent encrypted malicious content from being downloaded to my users? Have experience with Palo and Firepower but even these need the MITM approach.

I appreciate any advice anyone can provide.

Best,
CJ
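As an added illustration of the DNS-filtering approach Jared suggests and Kevin endorses (this is not from the thread and not any poster's configuration): an Unbound recursive resolver that serves subscribers and forwards every query over DNS-over-TLS to the two filtering services named above, Quad9 (9.9.9.9) and Cloudflare's malware-blocking resolver (1.1.1.2). The listen addresses, the subscriber prefix and the CA-bundle path are placeholders to be replaced; the DoT hostnames and secondary addresses are the providers' published ones.

```conf
# Added example (not from the thread): subscriber-facing Unbound resolver that
# forwards all recursion, over DoT, to filtering upstreams named in the thread.
# Placeholders: listen addresses, subscriber prefix (TEST-NET-3), CA bundle path.
server:
    interface: 0.0.0.0            # placeholder: replace with the resolver's service address
    interface: ::0
    access-control: 0.0.0.0/0 refuse          # refuse the world by default
    access-control: ::0/0 refuse
    access-control: 203.0.113.0/24 allow      # placeholder subscriber prefix
    # Used to validate the upstreams' TLS certificates (Debian/Ubuntu path shown).
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
    # Hardening that does not depend on which upstream answers.
    harden-glue: yes
    harden-dnssec-stripped: yes
    hide-identity: yes
    hide-version: yes
    # Log answers so blocked lookups can be reviewed: Quad9 answers blocked
    # names with NXDOMAIN, Cloudflare 1.1.1.2 answers them with 0.0.0.0.
    log-replies: yes
    verbosity: 1

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net
    forward-addr: 1.1.1.2@853#security.cloudflare-dns.com
    forward-addr: 1.0.0.2@853#security.cloudflare-dns.com
```

Two caveats a practitioner would want to note: this only filters what resolves through your resolver, so subscribers who point their devices at an unfiltered public resolver or enable DNS-over-HTTPS in the browser bypass it entirely, and the upstream provider's reputation data, not anything in this file, decides what is blocked, so the reply log is the place to check when a subscriber reports a false positive.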
Current thread:
- Securing Greenfield Service Provider Clients Christopher J. Wolff (Oct 09)
- Re: Securing Greenfield Service Provider Clients Matt Harris (Oct 09)
- Re: Securing Greenfield Service Provider Clients Jared Geiger (Oct 09)
- RE: Securing Greenfield Service Provider Clients Kevin Burke (Oct 09)
- Re: Securing Greenfield Service Provider Clients Matthias Luft via NANOG (Oct 09)
- Re: Securing Greenfield Service Provider Clients Baldur Norddahl (Oct 09)
- Re: Securing Greenfield Service Provider Clients Curtis, Bruce via NANOG (Oct 09)
- Re: Securing Greenfield Service Provider Clients Christopher J. Wolff (Oct 10)
- Re: Securing Greenfield Service Provider Clients Ca By (Oct 10)
- Re: Securing Greenfield Service Provider Clients Curtis, Bruce via NANOG (Oct 11)
- Re: Securing Greenfield Service Provider Clients Randy Bush (Oct 10)
- Re: Securing Greenfield Service Provider Clients Curtis, Bruce via NANOG (Oct 11)
- Re: Securing Greenfield Service Provider Clients Christopher J. Wolff (Oct 10)
- Re: Securing Greenfield Service Provider Clients Billy Crook (Oct 09)
- Re: Securing Greenfield Service Provider Clients Garrett Skjelstad (Oct 11)