Sunday, March 15, 2020

Inspect Encrypted Traffic on Firewalls

Hello All,

Firewalls with full Threat licensing are useless without SSL decryption; you can't inspect encrypted traffic. Yet you see some vendors like Juniper making statements that are unclear, such as:

Juniper Networks provides Intrusion Detection and Prevention (IDP) SSL inspection that uses the SSL protocol suite consisting of different SSL versions, ciphers, and key exchange methods. Combined with the Application Identification feature, the SSL Inspection feature enables SRX Series devices to inspect HTTP traffic encrypted in SSL on any port. The following SSL protocols are supported:

  • SSLv2
  • SSLv3
  • TLS

I have seen multiple companies that have an IPS placed before or after the perimeter firewall, where the firewall is the device doing the decryption. Isn't that useless?

We know that the share of encrypted internet traffic has risen above 90%; almost all traffic is encrypted.

My question is: why do companies position security solutions such as anti-malware at a point where the traffic passing through is still encrypted? Isn't that wrong?

Any thoughts?
