?
Solved

SSL decryption appliances

Posted on 2013-12-28
2
Medium Priority
?
812 Views
Last Modified: 2014-01-01
Hi Experts,

I'm just looking for a high level answer. I read that Blue coat recently acquired Netronome SSL appliances. So basically, network administrators can now see inside an SSL packet that traverses the network.

Within any large organization there is a lot of appliance such as vpn, reverse proxies, web proxes, etc that do SSL encryption/decryption with the clients.  If the network folks implement an SSL decryption appliance, that would mean that they would have to get the private key from the other appliances that are currently decrypting the SSL, is that correct? So they would have to go into the cisco ASA and pull the private key for the vpn users. They would have to go to the ISA reverse proxy server and pull the private key that is applied to the reverse proxy instances.  Is that correct?  Or how else would it usually be deployed?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 2000 total points
ID: 39744418
It needs to be connected as an 'in-line proxy' as detailed in this description: http://www.infosecurityproductsguide.com/technology/2008/Netronome.html  The source connects via SSL/TLS to it and it connects for the source to the requested destination.  It can't 'see' anything that doesn't use the path that it is connected into.
0
 

Author Closing Comment

by:trojan81
ID: 39750379
Thank you. Makes sense.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question