SSL Decryption: A Next Generation Firewall Must-Have Feature

Download Sample M365 Risk Assessment
Akins IT • July 30, 2019

NEXT GENERATION FIREWALL MUST-HAVE FEATURES

PART 2: SSL DECRYPTION 


In today’s digital age, security has become tantamount to success in ensuring business continuity. That said, ensuring that the latest and greatest security measures are in place on a network’s perimeter security appliance is crucial in ensuring a healthy and vulnerability-free network. In this blog, the NG or “Next Generation” firewall will be showcased to underscore some of the top modern-day features that should be taken into consideration when purchasing or refreshing a new firewall. These features will reduce the probability of successful attack, consolidate feature-sets, and ensure an optimal network. 


DEEP-PACKET SSL INSPECTION


It’s now estimated that over 70% of traffic is now SSL encrypted. From a security perspective, this means that every connection to an SSL enabled website is encrypted between the hand-shake of an endpoint (a computer) and the connecting server. This prevents any man-in-the-middle from inspecting the traffic and possibly compromising data in-between.


From an analytics perspective, this makes it increasingly difficult to effective monitor and log data that’s flowing through a network. The solution to this issue would be an implementation of SSL Decryption on an NG firewall.


In this scenario, a self-signed certificate generated from the firewall is assigned to all endpoints utilizing the network. The endpoint will “trust” the firewall and allow the firewall to attack as a decryption point into the network and allow, block, or log the traffic as needed. This is important in environments that require granular logging or requires regular reports on network traffic.


Additionally, this allows administrators to block specific parts of a website. For example, objects within a site can be blocked and certain parts can be left as-is.


STAY TUNED NEXT WEEK FOR PART 3: MALWARE/IPS PREVENTION.

68% OF BREACHES ARE NOT DISCOVERED FOR MONTHS OR LONGER.

LEVERAGE FORTIGATE'S CYBER THREAT ASSESSMENT PROGRAM (CTAP) TO FIND WHAT'S BEHIND YOUR FIREWALL. 
GET A FREE CTAP TODAY
CONTACT US TO LEARN MORE ABOUT THIS TOPIC OR TO SCHEDULE A CALL

Improve Productivity with Copilot and Akins IT

By Shawn Akins December 13, 2024
Unleashing Productivity: Maximizing Potential with Copilot for Microsoft 365 and Akins IT

Collaborate Securely with Akins IT

By Shawn Akins November 25, 2024
Security Insights

Navigating the End of the Microsoft Enterprise Agreement: What It Means for Our Customers

By Shawn Akins November 13, 2024
One of the most impactful changes is the upcoming end of the Microsoft Enterprise Agreement (EA) framework, set to take effect on January 1, 2025.
More Posts