Encrypted internet traffic is on an explosive upturn. According to the Google® Transparency Report: “Users load more than half of the pages they view over HTTPS and spend two-thirds of their time on HTTPS pages.”[1] At the same time, encrypted traffic carried nearly 3.5 million unique malware samples in 2017. In this series, we’ll dive into the case for decryption, including where and how you should enable it to meet your company’s needs.
In my last post, I covered Next-Generation Firewall buying criteria for your decryption needs. Lately there has been debate on the internet about whether decryption performed by network security devices enhances or compromises security. In other words, if encryption is supposed to be good for data privacy and security, why decrypt? This may be an open question in your mind as you evaluate whether to decrypt traffic. Alternatively, if you have already made the decision to decrypt, your executives or end users may ask you this question.
In this post, I am going to answer this question for you by using a well-known study as an example. The University of Michigan, the University of Illinois Urbana-Champaign and others published a 2017 study called “The Security Impact of HTTPS Interception” that examines the prevalence and impact of HTTPS interception by network security devices. The findings indicate that nearly all interceptions reduce connection security, and many introduce severe vulnerabilities.
The paper gives several reasons why interception reduces connection security:
- The default configuration of many of these network security devices weakens security, for example by using RC4-based ciphers.
- Many devices have broken certificate validation.
- The installation process for many devices is convoluted and crash-prone.
- Device configuration is confusing.
However, when decryption is performed correctly, it enhances security: it prevents adversaries from misusing encrypted traffic to attack your organization. To ensure that decryption strengthens security rather than weakening it, it is critical to confirm that your NGFW:
- Does not enable RC4-based ciphers by default. The recommended best-practice security policy is to avoid weak algorithms such as MD5, RC4, SHA1 and 3DES.
- Blocks invalid certificates by default, including sessions with expired certificates, untrusted issuer certificates and certificates of unknown status.
- Blocks sessions that use unsupported versions. The recommended best-practice security policy blocks the use of vulnerable SSL/TLS versions, including TLS 1.0 and SSLv3.
- Uses the Online Certificate Status Protocol and/or certificate revocation lists – OCSP and CRLs – to verify the revocation status of certificates.
- Does not store decrypted traffic on disk. The decrypted data must be held only in memory, which satisfies both security and regulatory requirements.
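As an added illustration (not code from the original post or from any vendor's product), the checklist above turned into an audit routine run over a constructed, vendor-neutral description of a decryption policy, with a weak "as shipped" policy beside its corrected form:

```python
"""Audit an SSL decryption policy against the NGFW checklist above.

The policy dicts are constructed samples, not any product's format; they
model just the settings the checklist names so each item can be checked.
"""
import re

# Algorithms the checklist says to avoid. In OpenSSL suite names a SHA1 MAC
# appears as a trailing "-SHA" (e.g. AES128-SHA); NULL/EXPORT added as obvious extras.
WEAK_ALG_PATTERN = re.compile(r"(RC4|MD5|3DES|DES-CBC3|NULL|EXPORT)|-SHA$")
# Versions to block: SSLv3 and TLS 1.0 from the post; SSLv2/TLS 1.1 added (assumption).
VULNERABLE_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
VERSION_ORDER = ["SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def weak_ciphers(enabled):
    """Return the enabled suites that use a weak algorithm."""
    return [c for c in enabled if WEAK_ALG_PATTERN.search(c)]

def audit_policy(policy):
    """Return a list of findings; an empty list means the policy passes."""
    findings = [f"weak cipher suite enabled: {c}" for c in weak_ciphers(policy["ciphers"])]
    allowed = set(VERSION_ORDER[VERSION_ORDER.index(policy["min_version"]):])
    for v in sorted(VULNERABLE_VERSIONS & allowed):
        findings.append(f"vulnerable protocol version allowed: {v}")
    for flag in ("block_expired", "block_untrusted_issuer", "block_unknown_status"):
        if not policy[flag]:
            findings.append(f"invalid certificates not blocked: {flag} is off")
    if not (policy["ocsp"] or policy["crl"]):
        findings.append("no revocation checking (neither OCSP nor CRL)")
    if policy["store_decrypted_on_disk"]:
        findings.append("decrypted traffic written to disk")
    return findings

# Constructed "as shipped" policy with the kind of defaults the paper criticises.
WEAK_POLICY = {
    "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA", "DES-CBC3-SHA", "AES128-SHA"],
    "min_version": "SSLv3",
    "block_expired": False, "block_untrusted_issuer": True, "block_unknown_status": False,
    "ocsp": False, "crl": False, "store_decrypted_on_disk": True,
}
# The same policy corrected so that every checklist item is satisfied.
HARDENED_POLICY = {
    "ciphers": ["ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-RSA-CHACHA20-POLY1305"],
    "min_version": "TLSv1.2",
    "block_expired": True, "block_untrusted_issuer": True, "block_unknown_status": True,
    "ocsp": True, "crl": True, "store_decrypted_on_disk": False,
}

if __name__ == "__main__":
    for label, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(label, audit_policy(pol) or "OK")
```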
In summary, decrypting traffic carelessly can weaken security, but with due diligence when buying an NGFW, and if you follow best practices, decryption will not only give you the necessary visibility into all traffic but also protect you from adversaries that hide threats in encrypted tunnels.
In my next and last post of this series I will cover best practices for enabling SSL decryption. In the meantime, please take a look at our recent on-demand webcast and SSL Decryption Whitepaper.