Solved

SSL decryption appliances

Posted on 2013-12-28
2
768 Views
Last Modified: 2014-01-01
Hi Experts,

I'm just looking for a high level answer. I read that Blue coat recently acquired Netronome SSL appliances. So basically, network administrators can now see inside an SSL packet that traverses the network.

Within any large organization there is a lot of appliance such as vpn, reverse proxies, web proxes, etc that do SSL encryption/decryption with the clients.  If the network folks implement an SSL decryption appliance, that would mean that they would have to get the private key from the other appliances that are currently decrypting the SSL, is that correct? So they would have to go into the cisco ASA and pull the private key for the vpn users. They would have to go to the ISA reverse proxy server and pull the private key that is applied to the reverse proxy instances.  Is that correct?  Or how else would it usually be deployed?
0
Comment
Question by:trojan81
2 Comments
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39744418
It needs to be connected as an 'in-line proxy' as detailed in this description: http://www.infosecurityproductsguide.com/technology/2008/Netronome.html  The source connects via SSL/TLS to it and it connects for the source to the requested destination.  It can't 'see' anything that doesn't use the path that it is connected into.
0
 

Author Closing Comment

by:trojan81
ID: 39750379
Thank you. Makes sense.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now