Solved

SSL decryption appliances

Posted on 2013-12-28
2
802 Views
Last Modified: 2014-01-01
Hi Experts,

I'm just looking for a high level answer. I read that Blue coat recently acquired Netronome SSL appliances. So basically, network administrators can now see inside an SSL packet that traverses the network.

Within any large organization there is a lot of appliance such as vpn, reverse proxies, web proxes, etc that do SSL encryption/decryption with the clients.  If the network folks implement an SSL decryption appliance, that would mean that they would have to get the private key from the other appliances that are currently decrypting the SSL, is that correct? So they would have to go into the cisco ASA and pull the private key for the vpn users. They would have to go to the ISA reverse proxy server and pull the private key that is applied to the reverse proxy instances.  Is that correct?  Or how else would it usually be deployed?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39744418
It needs to be connected as an 'in-line proxy' as detailed in this description: http://www.infosecurityproductsguide.com/technology/2008/Netronome.html  The source connects via SSL/TLS to it and it connects for the source to the requested destination.  It can't 'see' anything that doesn't use the path that it is connected into.
0
 

Author Closing Comment

by:trojan81
ID: 39750379
Thank you. Makes sense.
0

Featured Post

Prevent Ransomware with Total Security Suite

With recent ransomware attacks topping the headlines, it might seem like there'e no hope in the battle against these advanced threats. Learn more about how WatchGuard's Total Security Suite can effectively prevent ransomware attacks including Petya 2.0 and WannaCry!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question