How To Approach Encryption Inspection

October 5, 2016 · steveverbanic

A full 30% of America’s internet traffic is now encrypted, a number that is expected to double by the end of 2016. SSL-encrypted traffic is rapidly becoming a standard. With the right approach, it can improve data security without compromising employee productivity or creating network maintenance headaches.

The Dark Side Of Encryption

Nevertheless, there’s a dark side: Cyber attackers are increasingly capitalizing on encryption to slip into network environments unnoticed. In response to this trend, organizations are turning to SSL encryption inspection to stop malicious code hidden in encrypted files from reaching its destination.

How SSL Inspection Works

With SSL inspection, SSL-encrypted content is first decrypted, and then inspected as though the content has reached its destination. Once the content has been verified to be safe, it is re-encrypted and passed on. By adopting the identity of the recipient, the decryption suite is able to ensure that there is nothing “hidden” within the traffic that could potentially compromise the system.

In addition to inspecting packets as they come in, SSL inspection can also be centered around certificates. SSL inspection will verify that certificates are correct and that the identity of web servers is accurate.

This is a tactic we often recommend to stop hackers from spoofing SSL certificates for the purpose of passing on harmful programs. When integrated with a next-generation firewall platform, SSL inspection is the key to unlocking encrypted sessions, seeing into encrypted packets, and finding and blocking threats. It protects not only from attacks that use HTTPS, but also from attacks over other commonly used SSL-encrypted protocols such as SMTPS, POP3S, IMAPS and FTPS.

SSL Encryption Best Practices

When approaching SSL encryption inspection, keep these best practices in mind:

  • Test thoroughly. A rule of thumb is to roll out SSL inspection in layers so that each layer can be separately tested for both reliability and security.
  • Don’t compromise productivity. Without a hardware accelerator, SSL inspection tools can bog down a system and put a drain on productivity. Some Fortinet FortiGate firewall models have SSL content scanning and SSL acceleration built in.
  • Use whitelists. Whitelists can be used to focus SSL inspection policies where they’re needed, rather than on the whole network traffic environment.
  • Know your traffic. Know how much traffic to expect and what percent of it is encrypted. Limit the number of policies that allow encrypted traffic.
  • Tailor the technology to your needs. SSL is not a “one size fits all” solution; there are different types of encryption, and encryption standards are updated fairly regularly.
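
An added example (not from the original post, and not Fortinet configuration) of the “use whitelists” practice: a per-connection decision that bypasses inspection only for whitelisted server names and inspects everything else on the SSL-encrypted protocols named earlier. The hostnames, the `BYPASS` list and the function names are constructed for illustration, and identifying protocols by destination port is a simplifying assumption.

```python
# Added example: decide per connection whether to decrypt-and-inspect or bypass.
# Assumption: protocols are identified by their well-known destination ports.
SSL_PORTS = {443: "HTTPS", 465: "SMTPS", 993: "IMAPS", 995: "POP3S", 990: "FTPS"}

# Constructed whitelist (hypothetical hostnames under the reserved .test TLD).
BYPASS = ["payroll.corp.test", "*.bank.test"]


def normalize(host):
    """Lower-case and drop a trailing dot so 'Bank.Test.' equals 'bank.test'."""
    return host.strip().lower().rstrip(".")


def is_whitelisted(sni, entries):
    """True if the server name matches an exact or '*.' wildcard entry."""
    host = normalize(sni)
    for entry in entries:
        entry = normalize(entry)
        if entry.startswith("*."):
            suffix = entry[1:]  # ".bank.test"
            # Match subdomains only, on a label boundary: 'evilbank.test'
            # and the bare 'bank.test' must not match '*.bank.test'.
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False


def decide(sni, dst_port, entries=BYPASS):
    """Return (action, protocol) for one connection."""
    proto = SSL_PORTS.get(dst_port)
    if proto is None:
        return ("not-ssl", None)   # outside the SSL inspection policy
    if not sni:
        return ("inspect", proto)  # no server name: cannot be whitelisted
    if is_whitelisted(sni, entries):
        return ("bypass", proto)
    return ("inspect", proto)      # default: decrypt, inspect, re-encrypt
```

Inspection is the default and bypass is the exception, so a look-alike name such as `evilbank.test` is still inspected.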

A comprehensive security strategy and technology solutions provider such as SLAIT Consulting can recommend and deliver an SSL encryption inspection approach to suit your environment and performance needs. Contact us to learn more.