Was ist SSL-Scanning?
SSL (Secure Sockets Layer) and a more modern version called TLS (Transport Layer Security) are the industry standards for transmitting secure data over the Internet. SSL encrypts data that’s being sent between a remote user and a web server. It uses multiple blocks of highly complex algorithms to scramble data.
An ‘encryption key’ is needed to unscramble or decrypt the data so it can be used. Currently, no weakness has been found in these encryption algorithms. This means brute force is the only existing form of attack that can decrypt encrypted data.
How Does SSL Work?
When you attempt to access a website, the two entities, browser and web server, create a secure SSL connection. All data transferred back and forth is encrypted. SSL encryption and decryption are key-based. There are three keys used in the SLL process. They are public, private, and session keys.
- The web browser requests that the web server identify itself.
- The web server acknowledges the request and sends a copy of its SSL certificate, including its public key. A certificate is an electronic document used to prove the ownership of a public key and includes information about the identity of its owner and the digital signature of the entity that has verified the certificate’s contents.
- The web browser checks the certificate against a trusted list. If the browser trusts the certificate, it creates and sends a joint session key using the web server provided public key.
- The web server decrypts the session key using its private key and sends back an acknowledgment encrypted with the joint session key.
- The browser and web server now use the same joint session key, thus reducing latency and improving performance.
Public and Private Keys
>If something is encrypted by a public key, it can only be decrypted by the matching private key. Each entity, browser, and the web server has a private and public key.
At the beginning of a session, public keys are exchanged so that information can be encrypted at the source using the public key belonging to the destination. The encrypted data is sent across the Internet to the destination using its public key. Once it arrives, it is decrypted using the destination’s private key.
Session Keys
>To reduce communication latency and compute cycles, the process is only used to establish the connection. From that point on, a shared session key is used. The basic handshake steps are as follows,
If something is encrypted by a public key, it can only be decrypted by the matching private key. Each entity, browser, and the web server has a private and public key.
At the beginning of a session, public keys are exchanged so that information can be encrypted at the source using the public key belonging to the destination. The encrypted data is sent across the Internet to the destination using its public key. Once it arrives, it is decrypted using the destination’s private key.
To reduce communication latency and compute cycles, the process is only used to establish the connection. From that point on, a shared session key is used. The basic handshake steps are as follows,
- The web browser requests that the web server identify itself.
- The web server acknowledges the request and sends a copy of its SSL certificate, including its public key. A certificate is an electronic document used to prove the ownership of a public key and includes information about the identity of its owner and the digital signature of the entity that has verified the certificate’s contents.
- The web browser checks the certificate against a trusted list. If the browser trusts the certificate, it creates and sends a joint session key using the web server provided public key.
- The web server decrypts the session key using its private key and sends back an acknowledgment encrypted with the joint session key.
- The browser and web server now use the same joint session key, thus reducing latency and improving performance.
Laden Sie unser eBook herunter. Dieser neue Ansatz für die Vernetzung umfasst eine Reihe von vollständig integrierten, über die Cloud verwalteten Security-Services, die vor Ort oder in der Cloud mit zentral verwalteter Sicherheit bereitgestellt werden. Erfahren Sie, wie Sie:
- Verringerung der Komplexität und des betrieblichen Aufwands
- Benutzerfreundlichkeit / Transparenz für Anwender
- Mehr Sicherheit durch einen Zero-Trust-Netzwerkzugriff
The challenge with this scenario is how do intermediate devices perform SSL scanning or TLS scanning. It resides in the communication path and needs to inspect encrypted traffic for cyber-attacks, such as malware. If the traffic is encrypted, it can’t be inspected.
Inspection devices such as next-generation firewalls, CASBs, routers, and secure web and email gateways need to perform deep packet inspection using SSL scanning. These cybersecurity devices can be found wherever a connection to the Internet or cloud service is desired.
Cybersecurity SSL scanning or TLS scanning can only occur if the data is not encrypted. This means devices that stand in the middle of the data path and perform cybersecurity need to decrypt the data, inspect it, and then re-encrypt the data.
Devices that stand in the middle of a communication path are intended to keep users and organizations safe from malicious internet traffic. When the user initiates a session with a web server, the device receives the request. It acts as an intermediary, having a conversation with one entity such as a web browser, and then relaying that conversation with the web server. All the time, they are inspecting what one is communicating with the other.
SSL scanning has been in use since the mid-’90s. It’s been upgraded to TLS scanning, which includes many improvements to keep pace with the ever-growing number and diversity of cyber-threats. When developing a cybersecurity posture, it’s important to understand where the SSL or TLS scanning is performed and the depth and quality of the inspection.
Keeps Users Productive and Safe While Guarding the Edge
Contact our customer advocates and learn about the various technologies, such as SSL/TLS scanning, used to deter, detect, and remediate cyber-attacks using a multi-layer cybersecurity stack.
