- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Palo Alto Networks answers the question, "What is SSL Decryption?" and explains how PAN-OS 10.0 brings on new features and options that help you leverage SSL Decryption to decrypt SSL packets safely and efficiently.
Now, more than ever, we are all about privacy and keeping ourselves secure (especially online). That is one of the beauties of SSL (Secure Socket Layer) or HTTPS, its ability to encrypt and secure your online activity.
SSL Decryption is the ability to view inside of Secure HTTP traffic (SSL) as it passes through the Palo Alto Networks firewall. Before SSL Decryption, firewall admins would have no access to the information inside an encrypted SSL packet, essentially, masking all activity. However, now SSL Decryption gives you visibility into the SSL packet to find hidden applications and threats inside SSL traffic, given the data is sourced from within your network.
Every day, more internet traffic is being encrypted with SSL or TLS. Some reports show upwards to 90-95% of traffic is now encrypted, depending on the platform. This will only increase in the future, especially, with search engines like Google starting to use HTTPS, and that means more things are encrypted.
Let's dive deeper. The more things become secure, the more that companies are essentially blind to any possible security risks inside the encrypted traffic. The other downside is that attackers are realizing new ways of delivering malware inside of the encrypted traffic.
SSL Forward Proxy (SSL Decryption) gives the firewall the ability to view inside of the traffic and perform all of the security checks you would not normally be able to see inside of an SSL encrypted packet.
SSL Inbound Inspection is a way for the firewall to inspect the communication of a web server protected by the firewall, by decrypting the traffic using the internal web servers SSL Certificate.
SSH Proxy is a way that the firewall can decrypt and inspect tunneled SSH traffic passing thru the firewall.
TLSv1.3 is the latest version of the TLS(Transport Layer Security) protocol, which is the improved version of SSL. One of the many new features of PAN-OS 10.0 is the ability to decrypt TLSv1.3.
For detailed instructions on how to implement SSL Decryption, please see the following sections of the Administrator's Guide here:
Configure SSL Forward Proxy - PAN-OS 10.0
Configure SSL Inbound Inspection
There are many resources available such as webinars and discussion forums technical documents, which I've listed some below.
Knowledge Base information:
For a SSL Decryption resource list, including troubleshooting, please see:
SSL Decryption Resource List on Configuring and Troubleshooting
For detailed information on decryption, please see:
Decryption: Why, Where and How
For a detailed overview on Decryption, please see the Decryption section of the PAN-OS Administrator's Guide here:
PAN-OS Administrator's Guide - SSL Decryption
For more detailed instructions on implementing SSL Decryption with PAN-OS 10.0, please see:
Deploy SSL Decryption Using Best Practices
We even have detailed troubleshooting resources for PAN-OS 10.0 available here:
Troubleshooting SSL Decryption and PAN-OS-10.0
ONLINE DISCUSSION
To keep the discussion going, I created a thread in the General Topics discussions about SSL Decryption:
Discussion - More information about SSL Decryption and PAN-OS 10.0
Please check it out and feel free to continue the discussion there.
You can even read more about SSL Decryption from the FUEL User Group:
How I Learned to Stop Worrying and Love SSL Decryption
Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, don't forget to subscribe to the LIVEcommunity Blog.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Joe Delio
End of line
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
5 Likes | |
2 Likes | |
2 Likes | |
2 Likes | |
1 Like |