    #1 Untangler (Join Date: Feb 2016, Posts: 36)

    The future of SSL Inspector

    Hello all.

    While there are several things I like about Untangle in general, one of my biggest reasons for running it is for a central, network level point of security. While there were other options out there, with close to 50% of internet traffic being encrypted, that's a lot of traffic going right by my fancy gateway security software. Because of this, I felt the SSL inspector, while a bit of a pain to live with, made a lot of sense.

    However, I am learning that with TLS 1.3 it's going to get even harder, if not impossible, to continue scanning traffic in this way. Cisco has recently launched a product designed to find patterns in encrypted traffic, to scan it for malware without necessarily being able to see the raw data inside. It's called Encrypted Traffic Analysis (ETA). Link, if anyone is interested:
    https://www.cisco.com/c/en/us/soluti...urity/eta.html

    Does anyone know if Untangle has any plans in the works to tackle this upcoming change on the horizon for dealing with encrypted traffic?

    #2 jcoffin, Untangler (Join Date: Aug 2008, Location: Sunnyvale, CA, Posts: 8,352)

    I want to see independent verification of that feature, as it goes against the definition of encryption.

    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

    #3 dmorris, Untangle Junkie (Join Date: Nov 2006, Location: San Carlos, CA, Posts: 17,747)

    We are seeing about 65-75% of web traffic currently be encrypted globally.
    It should be 85% soon.

    For security purposes, that's close enough to assume it's 100% IMO, which is what Untangle is doing.
    https://www.untangle.com/inside-unta...o-content-era/

    TLS 1.3 isn't the biggest challenge to SSL inspection IMO; it's all the other stuff, like Android and cert pinning. It's already not very realistic in most scenarios and becoming less so. It's still an important tool, it's just not the tool to solve ubiquitous encryption.

    The Cisco thing is total marketing gibberish. At one point they claimed they could detect viruses inside encrypted streams. If given a solution that does that, it then becomes trivial to decrypt all encryption, which means they are either full of it, or they actually cracked all encryption and are selling it and no one noticed that all encryption is obsolete.

    To do so just define any custom virus signature you want like "Russia" and then see if you detect the virus inside the encrypted stream. Repeat for any words you are interested in and decrypt the text.

    In reality, what they mean is that they are going to leverage reputation metadata and make decisions intelligently based on things besides the content. I guess their marketing didn't like that message and went with something dumb instead.

    The good news is that there is still plenty of security that can be applied even without the content.
    It's just not the traditional ones (IPS, antivirus, antispam), but there are actually other ways that are quite effective and actually better in the modern cloud world.
    Last edited by dmorris; 04-28-2018 at 01:06 PM.
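The "define a signature and see if it matches" argument in the post above can be run as a simulation. The script below is an added example and is not code from the thread, from Cisco or from Untangle: it models the advertised capability as a yes/no oracle (which, to answer, has to hold the key and decrypt internally), then shows that the same yes/no answers are enough to reconstruct the entire plaintext without ever seeing the key. The stream cipher, key and message are all constructed for the demo; the class and function names are this example's own.

```python
"""Added example (not from the forum thread): a detector that can say
"this encrypted stream contains signature X" is, by itself, a decryption
oracle.  The encryption here is a constructed toy stream cipher (SHA-256
keystream XOR) so the script runs offline; the oracle decrypts internally,
which is exactly what the hypothetical product would need to do.  The
recovery routine never touches the key: it only asks yes/no questions.
"""
import hashlib


def keystream(key: bytes, length: int) -> bytes:
    """Derive a keystream of the requested length from the key (toy cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt


class HypotheticalSignatureOracle:
    """The claimed capability: report whether a signature occurs in the
    plaintext of an encrypted stream, without handing over the plaintext.
    To answer at all it has to hold the key (hypothetical; constructed)."""

    def __init__(self, key: bytes):
        self._key = key
        self.queries = 0

    def matches(self, ciphertext: bytes, signature: bytes) -> bool:
        self.queries += 1
        return signature in decrypt(self._key, ciphertext)


def recover_plaintext(oracle, ciphertext: bytes, alphabet=bytes(range(256))) -> bytes:
    """Reconstruct the plaintext using only the oracle's yes/no answers.

    Every string the loop keeps is a true substring of the plaintext, so it
    grows to the right until no byte can follow it (it now ends at the end of
    the message) and then to the left until no byte can precede it (it now
    starts at the beginning).  At that point it is the whole message."""
    known = b""
    for b in alphabet:                       # seed: any byte present anywhere
        if oracle.matches(ciphertext, bytes([b])):
            known = bytes([b])
            break
    if not known:
        return b""
    for side in ("right", "left"):
        grew = True
        while grew:
            grew = False
            for b in alphabet:
                cand = known + bytes([b]) if side == "right" else bytes([b]) + known
                if oracle.matches(ciphertext, cand):
                    known, grew = cand, True
                    break
    return known


def demo() -> dict:
    """Run the argument end to end on a constructed message."""
    key = b"constructed-demo-key"
    message = b"Quarterly report: see attached."   # constructed sample plaintext
    ct = encrypt(key, message)
    oracle = HypotheticalSignatureOracle(key)
    # The advertised use: one yes/no question about a "signature".
    word_seen = oracle.matches(ct, b"report")
    # The consequence: enough yes/no questions reproduce the whole stream.
    recovered = recover_plaintext(oracle, ct)
    return {"word_seen": word_seen, "recovered": recovered,
            "queries": oracle.queries, "ok": recovered == message}


if __name__ == "__main__":
    print(demo())
```

The query count grows with message length times alphabet size, which is why the reduction matters: anything that answers substring questions about ciphertext is equivalent to decryption, no matter what the marketing calls it. Real products in this space work on metadata (packet sizes, timing, certificate and SNI reputation), which is the distinction drawn in the post.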

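As an added example of the "security without the content" the post refers to (this is not Untangle's code and not from the thread), the script below parses what a gateway can still read from a TLS 1.3 connection without decrypting it. The ClientHello is sent in the clear (unless Encrypted Client Hello is in use), so the server name (SNI), offered versions, cipher suites and ALPN protocols are visible to a middlebox, and a policy can act on them alone. The builder only exists to produce a realistic, constructed ClientHello for the parser; the blocklist domain and all function names are this example's own assumptions.

```python
"""Added example (not from the thread or from Untangle): extract cleartext
metadata from a TLS ClientHello and apply a reputation-style policy to it.
build_client_hello() constructs the test input; parse_client_hello() and
policy() are the point."""
import os


def _u8(n): return n.to_bytes(1, "big")
def _u16(n): return n.to_bytes(2, "big")
def _u24(n): return n.to_bytes(3, "big")


def build_client_hello(sni, cipher_suites, versions, alpn) -> bytes:
    """Construct a minimal TLS record carrying a ClientHello (constructed input)."""
    exts = b""
    if sni is not None:
        name = sni.encode()
        sn_list = _u8(0) + _u16(len(name)) + name            # one host_name entry
        exts += _u16(0) + _u16(len(sn_list) + 2) + _u16(len(sn_list)) + sn_list
    ver_list = b"".join(_u16(v) for v in versions)           # supported_versions (43)
    exts += _u16(43) + _u16(len(ver_list) + 1) + _u8(len(ver_list)) + ver_list
    alpn_list = b"".join(_u8(len(p)) + p.encode() for p in alpn)   # ALPN (16)
    exts += _u16(16) + _u16(len(alpn_list) + 2) + _u16(len(alpn_list)) + alpn_list
    suites = b"".join(_u16(c) for c in cipher_suites)
    body = (_u16(0x0303) + os.urandom(32) + _u8(0)            # legacy version, random, empty session id
            + _u16(len(suites)) + suites + _u8(1) + _u8(0)    # cipher suites, null compression
            + _u16(len(exts)) + exts)
    handshake = _u8(1) + _u24(len(body)) + body               # handshake type 1 = ClientHello
    return _u8(0x16) + _u16(0x0301) + _u16(len(handshake)) + handshake


def parse_client_hello(record: bytes) -> dict:
    """Read SNI, supported versions, cipher suites and ALPN from a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9                       # past record header (5) and handshake header (4)
    p += 2 + 32                 # legacy_version, random
    p += 1 + record[p]          # session id
    n = int.from_bytes(record[p:p + 2], "big"); p += 2
    suites = [int.from_bytes(record[i:i + 2], "big") for i in range(p, p + n, 2)]; p += n
    p += 1 + record[p]          # compression methods
    meta = {"sni": None, "versions": [], "cipher_suites": suites, "alpn": []}
    end = p + 2 + int.from_bytes(record[p:p + 2], "big"); p += 2
    while p < end:
        etype = int.from_bytes(record[p:p + 2], "big")
        elen = int.from_bytes(record[p + 2:p + 4], "big")
        data = record[p + 4:p + 4 + elen]; p += 4 + elen
        if etype == 0:                                   # server_name: first host_name
            nlen = int.from_bytes(data[3:5], "big")
            meta["sni"] = data[5:5 + nlen].decode()
        elif etype == 43:                                # supported_versions
            meta["versions"] = [int.from_bytes(data[i:i + 2], "big")
                                for i in range(1, 1 + data[0], 2)]
        elif etype == 16:                                # ALPN protocol list
            q, stop = 2, 2 + int.from_bytes(data[0:2], "big")
            while q < stop:
                meta["alpn"].append(data[q + 1:q + 1 + data[q]].decode()); q += 1 + data[q]
    return meta


# Constructed reputation data standing in for a real threat-intel feed.
BLOCKED_DOMAINS = {"malware-example.test"}


def policy(meta: dict) -> list:
    """Decide on a connection from metadata only; returns the findings."""
    findings = []
    sni = meta["sni"]
    if sni is None:
        findings.append("no SNI: cannot apply domain reputation")
    elif sni in BLOCKED_DOMAINS or any(sni.endswith("." + d) for d in BLOCKED_DOMAINS):
        findings.append(f"block: {sni} is on the reputation blocklist")
    if meta["versions"] and max(meta["versions"]) < 0x0303:
        findings.append("legacy client: offers nothing newer than TLS 1.1")
    if any(s in (0x0004, 0x0005) for s in meta["cipher_suites"]):   # RC4 suites
        findings.append("weak cipher suite offered (RC4)")
    return findings


def demo():
    """Parse a constructed TLS 1.3 ClientHello to a blocklisted name and apply the policy."""
    hello = build_client_hello("malware-example.test", [0x1301, 0x1302],
                               [0x0304, 0x0303], ["h2", "http/1.1"])
    meta = parse_client_hello(hello)
    return meta, policy(meta)


if __name__ == "__main__":
    print(demo())
```

The same parser explains the limits raised later in the thread: when the client uses Encrypted Client Hello or a VPN, the SNI field is absent or belongs to the tunnel endpoint, and the policy falls through to its "no SNI" branch rather than a domain verdict.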
    #4 Master Untangler (Join Date: May 2010, Location: Texas, USA, Posts: 694)

    Quote originally posted by dmorris:
        The good news is that there is still plenty of security that can be applied even without the content.
        It's just not the traditional ones (IPS, antivirus, antispam), but there are actually other ways that are quite effective and actually better in the modern cloud world.
    Sorry to re-open an old thread... In between encrypted DNS, VPNs, and cert pinning I'm not sure what recourse people have left for perimeter scanning.

    I would be curious about your thoughts on what some of these "other ways" you mention are. Maybe I'm missing something that I should be doing...
