NSA Advisory (TLSI)

This release of an NSA Advisory on TLS encrypted channels, with inspection enabled, has some interesting information.

[TLSI (aka TLS break and inspect) is the process through which enterprises can inspect encrypted traffic with the help of a dedicated product such as a proxy device, a firewall, intrusion detection or prevention systems (IDS/IPS) that can decrypt and re-encrypt traffic encrypted with TLS.]

DOH! They can already monitor traffic, with compromised certificates.

[While some enterprises use this technique for monitoring potential threats such as data exfiltration, active command and control (C2) communication channels, or malware delivery via encrypted traffic, this will also introduce risks.]

C2 malware delivered over encrypted channels? YIKES!

https://www.bleepingcomputer.com/news/security/nsa-publishes-advisory-addressing-encrypted-traffic-inspection-risks/#.XdSmulZOing.facebook