Securing Greenfield Service Provider Clients

Christopher J. Wolff cjwolff at nola.gov
Fri Oct 9 19:09:45 UTC 2020


Dear Nanog;

Hope everyone is getting ready for a good weekend.  I'm working on a greenfield service provider network and I'm running into a security challenge.  I hope the great minds here can help.

Since the majority of traffic is SSL/TLS, encrypted malicious content can pass through even an "NGFW" device without detection and classification.

Without setting up SSL encrypt/decrypt through a MITM setup and handing certificates out to every client, is there any other software/hardware that can perform DPI and/or ssl analysis so I can prevent encrypted malicious content from being downloaded to my users?

Have experience with Palo and Firepower but even these need the MITM approach.  I appreciate any advice anyone can provide.

Best,
CJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20201009/9bbb99ad/attachment.html>


More information about the NANOG mailing list