Module 13 Using Decryption Flashcards
What are digital certificates used for?
Digital certificates are used to authenticate the communication between end nodes.
SSL and TLS help prevent what?
Data exfiltration and malware introduction
What happens to inbound SSL traffic to the firewall?
Traffic is decrypted so it can be inspected by App-ID and Content-ID.
Why decrypt traffic?
Most web traffic is encrypted, but we want to enforce decryption on traffic leaving the firewall and entering the firewall. This protects sensitive data from leaving the network and keeps malicious content from entering it.
- Enabling decryption includes preparing the keys and certs for decryption.
SSL/TLS - how are digital certificates used? (6 steps)
Client requests SSL connection
Step 2
SSL server sends its server certificate (a signed copy of its public key). The cert contains its identity and public key.
Step 3
Client verifies the server certificate, using PKI (Public Key Infrastructure) to validate the server cert and public key.
Step 4
As long as the server public key is good, the client uses the server public key to encrypt a symmetric session key. The client then sends the encrypted copy of the session key to the server.
Step 5
Server uses its own private key to decrypt the copy of the session key.
Step 6
Both sides use the session key to encrypt communication for privacy.
What are the firewall decryption types?
SSL Forward proxy (Outbound), SSL Inbound Inspection, SSH Decryption.
PKI
Public Key Infrastructure
What is asymmetric?
Two keys - a public key and a private key. They are created at the same time as two mathematically related keys. Then you decide which is public and which is private.
What is symmetric encryption?
A single shared key, encrypt and decrypt with the same key.