SSL decryption may facilitate enterprise information security protection

Source: Internet
Author: User

Enterprises invest heavily to deploy and operate security systems that protect them from network security threats. A key prerequisite for these systems to work is that the traffic is readable: if the traffic passing through a security system is encrypted, the system may not function.

VPN (virtual private network) remote access has become almost a necessity for enterprises, so more and more encrypted traffic flows through the enterprise network. According to statistics, 36% of enterprise network traffic is encrypted, which means that more than 1/3 of the traffic cannot be inspected by the security systems enterprises deploy. In addition, some employees know how to avoid security checks. As a result, enterprises face a great risk of data leakage.

Enterprises have very good reasons to decrypt SSL sessions, such as blocking botnet connections made by malware or preventing rogue employees from leaking sensitive business information from the inside. At the same time, employees are wary of having their data streams decrypted and are quick to claim that their privacy is under threat.

Enterprises must use SSL decryption to eliminate the possibility of valuable intellectual property leaking over the network. It is therefore best for firewall products at the network border to provide SSL decryption, which is achieved through SSL traffic inspection.

Although the user praised SSL decryption, the company's employees strongly opposed the decision as trampling on their privacy. An enterprise that wants to implement SSL decryption needs to explain the necessity of the measure to its employees and try to obtain the support and understanding of its legal and human resources departments.

In fact, enterprises are not interested in decrypting employees' specific online services. Daily activities such as online banking do not pose any security threat. Enterprises therefore decrypt only specific SSL-encrypted streams, to protect the legitimate interests and sustainable development of the company and its employees. In this way, the attitude of employees will be converted from "being calm".

At present, several NGFW (next-generation firewall) products from leading vendors open TLS 1.1 sessions through a certificate replication mechanism. This operation is very similar to a man-in-the-middle attack, except that the initiator is the enterprise itself. For example, a manager can detect source code extensions based on keywords and then issue alerts for potential intellectual property leaks. No solution is complete, however, so this method cannot completely prevent data leakage.

SSL decryption can inspect SSL-encrypted data streams that are flowing out or are about to flow out, but several issues still need attention.

The SSL decryption mechanism adds processing steps, which places new restrictions on the existing business environment, such as the number of SSL decryption tasks the firewall can process at one time. Because of these resource requirements, managers must selectively specify the highest-risk traffic to inspect.
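The selective policy described above (leave privacy-sensitive services such as online banking alone, and spend the firewall's limited decryption capacity on the riskiest traffic) can be sketched as follows. This is an added example, not code from the original article or from any firewall vendor; the host names, category names, risk scores and the rule that raises the risk bar as load grows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: suffixes, categories and risk scores are assumptions.
BYPASS_CATEGORIES = {"online-banking"}  # never decrypted, for employee privacy
CATEGORY_BY_SUFFIX = {
    "bank.example": "online-banking",
    "paste.example": "file-sharing",
    "webmail.example": "webmail",
    "news.example": "news",
}
RISK = {"file-sharing": 9, "webmail": 7, "news": 2}  # scale 1..10
DEFAULT_RISK = 5  # hosts with no known category
MAX_RISK = 10


def categorize(sni: str) -> str:
    """Map a TLS SNI host name to a category by whole-label suffix match."""
    # SNI is client-supplied; a real gateway would also check the server certificate.
    host = sni.lower().rstrip(".")
    for suffix, category in CATEGORY_BY_SUFFIX.items():
        if host == suffix or host.endswith("." + suffix):
            return category
    return "uncategorized"


@dataclass
class DecryptionPolicy:
    capacity: int      # concurrent sessions the firewall can decrypt
    min_risk: int = 5  # below this score traffic is never decrypted
    active: int = 0    # sessions currently being decrypted

    def decide(self, sni: str) -> str:
        category = categorize(sni)
        if category in BYPASS_CATEGORIES:
            return "bypass-privacy"
        risk = RISK.get(category, DEFAULT_RISK)
        if risk < self.min_risk:
            return "bypass-low-risk"
        if self.active >= self.capacity:
            return "bypass-load"  # uninspected session: log it as a blind spot
        # The bar rises as the budget fills, so the last slots go to the riskiest traffic.
        bar = self.min_risk + (MAX_RISK - self.min_risk) * self.active // self.capacity
        if risk < bar:
            return "bypass-load"
        self.active += 1
        return "decrypt"

    def release(self) -> None:
        """Call when a decrypted session closes."""
        self.active = max(0, self.active - 1)
```

Every `bypass-load` result is a session the security systems could not read, so counting those results shows how much of the high-risk traffic the firewall's capacity actually covers.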

The certificate replication mechanism used for SSL decryption causes a "This certificate is untrusted" prompt on the user side, which can be ignored once users have been notified. However, the company should not encourage employees to skip certificate warnings. Instead, it is more sensible to use an eye-catching page to tell users that the current "untrusted certificate" prompt results from SSL decryption.
