Online services have moved to protect your privacy by encrypting the data you send and receive across the internet. While this does keep your data from prying eyes, it also opens up an avenue for new threats to pass under the radar. You hear us at Exigent talk about layered threat protection all of the time. The firewall is usually your biggest line of defense, and SSL introduces a problem for it. Most firewalls depend on signatures to identify traffic, applications, viruses and other threats. When traffic is encrypted, it passes through the firewall without triggering any of these detection methods, because the encrypted payload is indistinguishable from random data until it reaches the client machine or another endpoint that holds the key. With 60% of all traffic on the internet being encrypted today (and that number is growing), your firewall is missing more than half of the traffic coming in. The bad guys are now using SSL to deliver their content too, allowing viruses, malware and other threats to pass undetected.
Our best-in-class firewall platform, Dell SonicWALL, has the functionality to address this flaw by incorporating SSL inspection and detection. Essentially, the firewall proxies the SSL request: it terminates the user's connection to the secured site on the firewall and opens its own connection to that site on the user's behalf. This is also referred to as a "man in the middle". Because the firewall now looks like the endpoint to both sides, it is able to decrypt the data as it passes through, inspect it, and then re-encrypt it before forwarding it on to the intended recipient. This ensures that the full suite of security components can be applied to encrypted traffic while still keeping that traffic protected as it travels the network.
Why doesn't everyone do this? SSL is a cryptographic protocol, and decrypting and re-encrypting every session incurs quite a bit of computational overhead. Typical stateful firewalls don't have the compute power or feature set to handle this workload. Even a SonicWALL, if not sized to compensate for the overhead, will exhibit performance degradation.
When selecting a firewall platform, you have to consider that network speed and the volume of encrypted data are constantly growing. Both drive higher performance requirements over time, so think about how your purchase will handle the next 3-4 years of growth. There is also some administrative overhead to make this process work: the firewall re-signs each site's certificate with its own certificate authority before sending the data on to the recipient, so that certificate authority must be deployed and installed as trusted on every device on your network. Otherwise, users will constantly get errors that the site does not match its security certificate, and those routine errors could mask another type of threat. This deployment can be automated with group policy or handled through a simple sign-up page on an internal website.
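To confirm that inspection is actually happening for a given site, and that the firewall's signing certificate has reached a particular device, an administrator can look at which certificate authority issued the certificate the browser ends up seeing. The following Python script is an added example written for this post; it is not Exigent's or SonicWALL's code. It uses only the standard library, and the inspection CA name `EXAMPLE-Firewall-SSL-Inspection-CA` and the sample certificate record are constructed placeholders: replace the CA name with the common name on the certificate your firewall uses to re-sign sites. A result of `inspected` means the flow went through the firewall's proxy, `passthrough` means a public CA signed the certificate and the flow bypassed inspection, and `untrusted` is exactly the certificate-mismatch error described above, meaning the firewall CA is not installed on this device.

```python
"""Report whether an HTTPS connection is being inspected by the expected
firewall CA and whether that CA is trusted on this machine.

Added example; the CA name and SAMPLE_INSPECTED_CERT are constructed
placeholders, not values from any real deployment.
"""
import socket
import ssl

# Constructed placeholder: common name of the inspection CA you deployed.
EXPECTED_INSPECTION_CA_CN = "EXAMPLE-Firewall-SSL-Inspection-CA"

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns:
# a tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
SAMPLE_INSPECTED_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": (
        (("organizationName", "Example Corp"),),
        (("commonName", EXPECTED_INSPECTION_CA_CN),),
    ),
}


def name_to_dict(name):
    """Flatten the tuple-of-RDN structure from getpeercert() into a dict."""
    return {attr: value for rdn in name for attr, value in rdn}


def classify_peer_cert(cert, expected_ca_cn=EXPECTED_INSPECTION_CA_CN):
    """Classify a validated peer certificate (a getpeercert() dict).

    'inspected'   - issued by the firewall's inspection CA
    'passthrough' - issued by some other CA, so this flow was not inspected
    """
    issuer = name_to_dict(cert.get("issuer", ()))
    if issuer.get("commonName") == expected_ca_cn:
        return "inspected"
    return "passthrough"


def check_https(host, port=443, timeout=5.0):
    """Connect to host, validate the chain against the local trust store and
    return (status, detail) with status in inspected/passthrough/untrusted.

    'untrusted' is the symptom users see when the firewall re-signed the
    site but its CA has not been installed on this device.
    """
    ctx = ssl.create_default_context()  # OS trust store, hostname checking on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message
    issuer_cn = name_to_dict(cert.get("issuer", ())).get("commonName", "")
    return classify_peer_cert(cert), issuer_cn


if __name__ == "__main__":
    import sys

    # Offline demonstration on the constructed record, then live checks
    # for any hostnames given on the command line.
    print("sample record:", classify_peer_cert(SAMPLE_INSPECTED_CERT))
    for host in sys.argv[1:]:
        status, detail = check_https(host)
        print(f"{host}: {status} ({detail})")
```

Run it from a workstation with one or two internal and external hostnames as arguments; a site that should be inspected but reports `passthrough` points at an exclusion or bypass rule on the firewall, while `untrusted` on a managed machine means the group policy or sign-up page deployment has not reached it yet.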
Don't ignore the significance of SSL in your environment. While there is a time investment required to get the most out of SSL inspection, encrypted traffic is quickly becoming the most important and least visible traffic on your network. The bad guys are smart, and their use of SSL to hide bad things in your network payload will continue to rise. We need to always stay one step ahead of them!