topic Decrypt traffice in General Topics

Decrypt traffice

jorge — Thu, 14 Jun 2012 20:05:29 GMT

Is there a reason you wouldn't want to decrypt traffic like: Shopping

Re: Decrypt traffice

mikand — Thu, 14 Jun 2012 21:15:47 GMT

In my opinion, specially when it comes using PA towards Internet, you should decrypt everything and stuff that cannot be decrypted shouldnt be allowed through.

Windowsupdate can be handled separately (for example if you setup a WSUS and only let WSUS server go for windowsupdate on the Internet using appid windowsupdate).

The tricky part is how this cert whitelist which PA uses affects decryption. Will this whitelist always overrule decrypt settings or will a "deny flows which cannot be decrypted" overrule the whitelist - perhaps someone from PA could clearify?

Anyway - there might be countries/places where you are not supposed/allowed to decrypt stuff on the road. Banking/Financial seems to be a common example.

Otherwise it can be for performance reasons which you dont want to decrypt certain categories but in my opinion this is bad...

Re: Decrypt traffice

pnotpub — Fri, 15 Jun 2012 07:55:02 GMT

Your environment may wary from mine.
My reason for using decrypt is to see what hides inside. Checking the traffic is an attempt to look for and stop unwanted traffic.

So is it likely the “Shopping” may contain things that you do not want in your environment?
My 5 cents is that “Shopping” is not likely to contain malware in the encrypted stream. “Shopping” is likely to have some payment options (credit card numbers ). Are you allowed to view those ?
Decrypt may break some payment options (used in “shopping”).
Or you may want to limit or block shopping during work hours ?

Decrypting traffic may also have legal consequences. Your geographic location and laws that apply to your company, may influence your outcome. US and EU view of “privacy” are somewhat different.

/ Regards Paul M