Securing Greenfield Service Provider Clients

Baldur Norddahl baldur.norddahl at gmail.com
Fri Oct 9 20:36:32 UTC 2020


Are you really suggesting decrypting customer traffic? In most parts of the
world that act falls in one of two categories: it is either required by law
or it is illegal.

Offer your customers a good virus scanner to install instead.

Regards

Baldur


On Fri, 9 Oct 2020 at 21:27, Christopher J. Wolff <cjwolff at nola.gov> wrote:

> Dear Nanog;
>
>
>
> Hope everyone is getting ready for a good weekend.  I’m working on a
> greenfield service provider network and I’m running into a security
> challenge.  I hope the great minds here can help.
>
>
>
> Since the majority of traffic is SSL/TLS, encrypted malicious content can
> pass through even an “NGFW” device without detection and classification.
>
>
>
> Without setting up SSL encrypt/decrypt through a MITM setup and handing
> certificates out to every client, is there any other software/hardware that
> can perform DPI and/or ssl analysis so I can prevent encrypted malicious
> content from being downloaded to my users?
>
>
>
> Have experience with Palo and Firepower but even these need the MITM
> approach.  I appreciate any advice anyone can provide.
>
>
>
> Best,
>
> CJ
>