Control By Analysis of Higher Layers

Traffic flow control based on higher-layer data and protocols only works on unencrypted traffic.

Some firewalls provide decryption and inspection of SSL/TLS traffic.

Traffic decryption is achieved by installing a root certificate on client machines; the firewall uses that root to act as the Certificate Authority for SSL/TLS connections.

  • The firewall issues a certificate to the client on behalf of each web server the client connects to.

  • The firewall intercepts the SSL/TLS handshake.

  • Requires changes on each client device (the firewall's root certificate must be installed and trusted).
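The client-side view of the mechanism above, as an added example that is not part of these notes: a connection through an inspecting firewall succeeds, but the leaf certificate the client receives is one the firewall minted, so its issuer is the interception CA and its fingerprint differs from the origin's. The issuer name and pinned fingerprint below are constructed placeholders (standard library only).

```python
"""Detect TLS interception ("SSL decryption") from the client side."""
import hashlib
import socket
import ssl

# Constructed: SHA-256 fingerprints recorded for origin certificates over
# an uninspected path (e.g. out of band), keyed by hostname.
PINNED_FINGERPRINTS = {"example.test": "<fill in from an uninspected path>"}

# Constructed: issuer names the organisation knows belong to inspection CAs.
KNOWN_INTERCEPTION_ISSUERS = {"Corp Firewall SSL Inspection CA"}


def _rdn_value(name, key):
    """Pull one attribute (e.g. 'commonName') out of the nested tuple
    structure that ssl.SSLSocket.getpeercert() uses for subject/issuer."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def sha256_fingerprint(der_cert: bytes) -> str:
    """Fingerprint of the DER-encoded leaf certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def classify_chain(hostname, peercert, der_cert,
                   pinned=PINNED_FINGERPRINTS,
                   interception_issuers=KNOWN_INTERCEPTION_ISSUERS):
    """Return ("intercepted", reason) or ("direct", None)."""
    issuer_cn = _rdn_value(peercert.get("issuer", ()), "commonName")
    if issuer_cn in interception_issuers:
        return "intercepted", f"issuer '{issuer_cn}' is a known inspection CA"
    expected = pinned.get(hostname)
    if expected and sha256_fingerprint(der_cert) != expected:
        return "intercepted", "leaf fingerprint differs from the pinned value"
    return "direct", None


def probe(hostname, port=443):
    """Live check: the default context uses the system trust store, which is
    exactly where an installed inspection root lives, so the handshake
    succeeds either way; what differs is the certificate presented."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return classify_chain(hostname, tls.getpeercert(),
                                  tls.getpeercert(binary_form=True))
```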

Implementing this technique is processor-intensive.

  • Results in performance degradation.

  • Can be avoided by offloading SSL/TLS decryption to a dedicated device.

May break privacy/confidentiality laws and rights in some countries.
