  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 845

SSL decryption appliances

Hi Experts,

I'm just looking for a high level answer. I read that Blue Coat recently acquired Netronome SSL appliances. So basically, network administrators can now see inside an SSL packet that traverses the network.

Within any large organization there are a lot of appliances such as VPN, reverse proxies, web proxies, etc. that do SSL encryption/decryption with the clients. If the network folks implement an SSL decryption appliance, that would mean that they would have to get the private key from the other appliances that are currently decrypting the SSL, is that correct? So they would have to go into the Cisco ASA and pull the private key for the VPN users. They would have to go to the ISA reverse proxy server and pull the private key that is applied to the reverse proxy instances. Is that correct? Or how else would it usually be deployed?
Asked by: trojan81
1 Solution
 
Dave Baldwin (Fixer of Problems) commented:
It needs to be connected as an 'in-line proxy' as detailed in this description: http://www.infosecurityproductsguide.com/technology/2008/Netronome.html  The source connects via SSL/TLS to it and it connects for the source to the requested destination.  It can't 'see' anything that doesn't use the path that it is connected into.
 
trojan81 (Author) commented:
Thank you. Makes sense.
Question has a verified solution.
