Securing Greenfield Service Provider Clients

Matthias Luft nanog at c7f.de
Fri Oct 9 19:46:43 UTC 2020


CJ,

On 09.10.20 15:09, Christopher J. Wolff wrote:
> Dear Nanog;
> 
> Hope everyone is getting ready for a good weekend. I'm working on a 
> greenfield service provider network and I'm running into a security 
> challenge. I hope the great minds here can help.
> 
> Since the majority of traffic is SSL/TLS, encrypted malicious content 
> can pass through even an "NGFW" device without detection and classification.
> 
> Without setting up SSL encrypt/decrypt through a MITM setup and handing 
> certificates out to every client, is there any other software/hardware 
> that can perform DPI and/or ssl analysis so I can prevent encrypted 
> malicious content from being downloaded to my users?
> 
> Have experience with Palo and Firepower but even these need the MITM 
> approach. I appreciate any advice anyone can provide.

I think this most likely needs to develop into a bigger discussion, but 
TLS introspection will (and must, otherwise we would have big problems) 
rely on a MITM setup.

DNS- and reputation-based filtering was already mentioned, there is also 
this work on detecting malware aspects by TLS anomalies:
https://www.imperial.ac.uk/media/imperial-college/faculty-of-engineering/computing/public/1819-pg-projects/Detecting-Malware-in-TLS-Traf%EF%AC%81c.pdf

I'm not aware whether there are service provider network-grade tools for 
this available though.

Thanks,
Matthias
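The "detect malware by TLS anomalies" direction the reply points at works on handshake metadata, which stays in cleartext even where the payload does not. The script below is an added example (not from this thread, from the cited paper, or from any vendor product): it parses a TLS ClientHello, computes a JA3 fingerprint (MD5 over version, cipher suites, extensions, supported groups and point formats, GREASE values dropped), and applies a few illustrative flags. The two sample handshakes are constructed inline, not captured traffic, and the anomaly thresholds (no SNI, legacy version, a three-suite RC4/3DES-only offer) are assumptions chosen for the demonstration, not a tested classifier; a real deployment would learn what "normal" looks like from the provider's own traffic.

```python
"""Passive TLS ClientHello inspection: JA3 fingerprint plus illustrative anomaly flags.

Added example for the NANOG thread; not code from the thread, the cited paper,
or any product. Sample ClientHellos are constructed here, not captured.
"""
import hashlib
import struct

# GREASE values (RFC 8701) are excluded from JA3 so that randomised fillers do not
# change the fingerprint.
GREASE = {0x0A0A, 0x1A1A, 0x2A2A, 0x3A3A, 0x4A4A, 0x5A5A, 0x6A6A, 0x7A7A,
          0x8A8A, 0x9A9A, 0xAAAA, 0xBABA, 0xCACA, 0xDADA, 0xEAEA, 0xFAFA}
# Assumed "legacy only" set for the demo: RC4, 3DES and TLS_RSA CBC suites.
WEAK_CIPHERS = {0x0004, 0x0005, 0x000A, 0x002F, 0x0035}


def build_client_hello(version, ciphers, groups, point_formats, sni=None):
    """Serialise a minimal TLS ClientHello record (test-input builder)."""
    exts = b""
    if sni is not None:
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name      # host_name type
        body = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", 0x0000, len(body)) + body      # server_name
    body = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    exts += struct.pack("!HH", 0x000A, len(body)) + body          # supported_groups
    body = bytes([len(point_formats)]) + bytes(point_formats)
    exts += struct.pack("!HH", 0x000B, len(body)) + body          # ec_point_formats
    hello = (struct.pack("!H", version) + b"\x11" * 32 + b"\x00"  # version, random, no session id
             + struct.pack("!H", 2 * len(ciphers))
             + b"".join(struct.pack("!H", c) for c in ciphers)
             + b"\x01\x00"                                          # one compression method: null
             + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record):
    """Extract the JA3-relevant fields (and SNI) from a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                                                   # past record + handshake headers
    version = struct.unpack_from("!H", record, p)[0]
    p += 2 + 32                                             # version + random
    p += 1 + record[p]                                      # session id
    n = struct.unpack_from("!H", record, p)[0]
    p += 2
    ciphers = [struct.unpack_from("!H", record, p + i)[0] for i in range(0, n, 2)]
    p += n
    p += 1 + record[p]                                      # compression methods
    end = p + 2 + struct.unpack_from("!H", record, p)[0]
    p += 2
    exts, groups, formats, sni = [], [], [], None
    while p < end:
        etype, elen = struct.unpack_from("!HH", record, p)
        p += 4
        data = record[p:p + elen]
        p += elen
        exts.append(etype)
        if etype == 0x0000 and elen >= 5:                   # server_name: first entry only
            name_len = struct.unpack_from("!H", data, 3)[0]
            sni = data[5:5 + name_len].decode(errors="replace")
        elif etype == 0x000A:
            glen = struct.unpack_from("!H", data, 0)[0]
            groups = [struct.unpack_from("!H", data, 2 + i)[0] for i in range(0, glen, 2)]
        elif etype == 0x000B:
            formats = list(data[1:1 + data[0]])
    return {"version": version, "ciphers": ciphers, "extensions": exts,
            "groups": groups, "formats": formats, "sni": sni}


def ja3(hello):
    """Return (JA3 string, MD5 hex digest) for a parsed ClientHello."""
    def fmt(values):
        return "-".join(str(v) for v in values if v not in GREASE)
    s = ",".join([str(hello["version"]), fmt(hello["ciphers"]), fmt(hello["extensions"]),
                  fmt(hello["groups"]), fmt(hello["formats"])])
    return s, hashlib.md5(s.encode()).hexdigest()


def assess(hello, known_bad_ja3=frozenset()):
    """Illustrative heuristics (assumptions for the demo); empty list means nothing flagged."""
    reasons = []
    if ja3(hello)[1] in known_bad_ja3:
        reasons.append("ja3 on blocklist")
    if hello["sni"] is None:
        reasons.append("no SNI")
    if hello["version"] < 0x0303:
        reasons.append("legacy version")
    if len(hello["ciphers"]) <= 3:
        reasons.append("tiny cipher list")
    if hello["ciphers"] and all(c in WEAK_CIPHERS for c in hello["ciphers"]):
        reasons.append("only legacy ciphers offered")
    return reasons


# Constructed samples: a browser-like offer and a crude, SNI-less legacy offer.
BROWSER_HELLO = build_client_hello(
    0x0303, [0x1A1A, 0x1301, 0x1302, 0x1303, 0xC02B, 0xC02F, 0xC02C, 0xC030, 0xCCA9, 0xCCA8],
    [0x1A1A, 0x001D, 0x0017, 0x0018], [0], sni="www.example.com")
SUSPECT_HELLO = build_client_hello(0x0301, [0x0004, 0x0005, 0x000A], [0x0017], [0])

if __name__ == "__main__":
    for label, rec in (("browser", BROWSER_HELLO), ("suspect", SUSPECT_HELLO)):
        parsed = parse_client_hello(rec)
        s, digest = ja3(parsed)
        print(f"{label}: ja3={digest} {s} flags={assess(parsed) or 'none'}")
```

Two caveats for anyone building on this: JA3 is a hash of the client stack, so it identifies the library a piece of malware links against rather than the malware itself, and it matches everything else built on the same library; and browsers that randomise extension order (Chrome has done so since early 2023) produce unstable JA3 values, which is what the JA4 successor sorts to avoid. Treat the fingerprint as one feature alongside SNI, destination reputation and DNS, not as a verdict on its own.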

