Password Attacks

5 Types of Password Attacks and how you can prevent them

If you think about why password attacks and breaches are so common, the answer is simple: people use passwords that are not strong enough, or that can easily be recovered through trial and error. In times like these, the best thing to do is keep our passwords strong. Cybercriminals know that once they have obtained one of your passwords, they can try the same password on any other accounts you may have.

The important thing here is to improve your password security so that it puts up additional barriers for the potential hacker to overcome.


Here are 5 types of Password Attacks and how you can prevent them:

Man-in-the-Middle attacks, brute-force attacks, dictionary attacks, credential stuffing, phishing and keyloggers. Now let’s dive into each of these in detail.


Man-in-the-Middle Attacks

Imagine you are at a restaurant with someone (probably on a date or on a business meeting). The conversation is going great, the ambience is amazing; everything is just fine except this one thing. The waiter keeps interrupting you every now and then. Probably eavesdropping or maybe just there to ruin your time. That waiter is a “Man-in-the-Middle”. Someone who is uncalled for and not needed.

Or just imagine, you are there at the restaurant to meet Person A and you meet and have a proper conversation only to realize somewhere in between that the person you are talking to is faking it. It is not Person A but rather Person B. Terrifying scenario, right?

Man-in-the-Middle Password Attacks are just the same.

Three people are involved in this type of attack. The cyberattacker, the initiator (sender) and the receiver (recipient).

In this type of password attack, you’d find the cyberattacker impersonating either the sender or the receiver, most probably through an email. The look and feel of the email would be authentic and there’ll be some minor differences that will be hard to catch.


Here’s how you can steer safe from or prevent Man-in-the-middle attacks:

VPN: a private network tunnel through which confidential information passes encrypted; man-in-the-middle attacks are very rare in this case. However, the VPN you subscribe to should be a trusted provider. Don’t just go for any VPN provider.

Encryption: if your router’s network is not encrypted and locked down, anyone who connects to it can access the data passing between the users on that network. Use a strong password on your router/modem.

Extra Security: Enable 2FA or MFA on your home Wi-Fi or router.


Brute-force Attack

As the name suggests, this is trial and error with passwords: usually an automated approach in which permutations and combinations of various passwords are tried one after the other against a system.

At least some accounts could be hacked through this method if not all.


Types of Brute Force Attacks

Apart from the general type of Brute Force Attack (which is random guesswork), there are other advanced types such as:

  • Dictionary Attacks:
    A type of brute-force attack where every word in a dictionary is tried as a possible password. It is also used to decrypt encrypted information.
  • Hybrid Brute-force:
    An analysis of which combinations of the above are likely to work.
  • Rainbow Table Attacks:
    Stored passwords are kept as hashes, and this attack targets those. A precomputed table is used to look up the original password for hashes of passwords up to a certain length.
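Why a precomputed (dictionary or rainbow) table works against plain hashes, and why a per-user salt plus a slow key-derivation function defeats it, as an added example that is not part of the original post; the wordlist and the passwords are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed wordlist standing in for the dictionary an attacker precomputes
# hashes for. A real table covers billions of candidates; the principle is the same.
WORDLIST = ["password", "letmein", "abc123", "welcome1", "qwerty"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_precomputed_table(words) -> Dict[str, str]:
    """Unsalted digest -> plaintext: the lookup a hash/rainbow table provides."""
    return {sha256_hex(w.encode()): w for w in words}


def lookup_unsalted(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Reversing an unsalted hash of a common password is a single lookup."""
    return table.get(stored_hash)


def hash_with_salt(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256 from the stdlib).
    The salt makes precomputation useless; the iteration count makes each guess slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> Tuple[bytes, bytes]:
    """What a server should store: (salt, derived key), never the bare hash."""
    salt = os.urandom(16)
    return salt, hash_with_salt(password, salt)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(hash_with_salt(password, salt), digest)


def demo() -> dict:
    table = build_precomputed_table(WORDLIST)
    # 1. An unsalted SHA-256 of a dictionary word is recovered instantly.
    recovered = lookup_unsalted(sha256_hex(b"abc123"), table)
    # 2. The same weak password, salted, yields a different digest per user...
    salt_a, rec_a = make_record("abc123")
    salt_b, rec_b = make_record("abc123")
    # 3. ...so a precomputed table has nothing to match against.
    return {
        "recovered_unsalted": recovered,                          # "abc123"
        "salted_digests_equal": rec_a == rec_b,                   # False
        "salted_in_table": lookup_unsalted(rec_a.hex(), table),   # None
        "verify_ok": verify("abc123", salt_a, rec_a),             # True
        "verify_wrong": verify("wrong", salt_b, rec_b),           # False
    }


if __name__ == "__main__":
    print(demo())
```

Salting does not make a weak password strong: an attacker who has one record and its salt can still try the dictionary against it, which is why the slow KDF matters as much as the salt.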


All these brute-force password attacks use automation and bots to crack passwords since multiple attempts are made.


Credential Stuffing

These often have a logic behind them. How credential stuffing works is:

  • Automated tools or bots are set up that try different password combinations against systems while faking their IP address. There may or may not be multiple bots at work at once.
  • Once this is done, the password that has been cracked is tried across multiple websites to see whether it has been used somewhere else.
  • Once cracked, the password is saved for future use.

Since the method is quite intelligent, you need to have better preventive measures to tackle this:

  • Using Captcha:
    Remember how, when you try to access a certain part of a website or fill in a form, you are prompted to solve a simple puzzle or type the alphanumeric text displayed on the screen? Bots are not always that intelligent, so it is difficult for them to get past this stage.
  • Block IPs:
    If you see someone trying to gain access from the same few IP addresses, you can block those IPs. But there is no guarantee, as the attacker may have multiple such IPs at hand, or even if a few are blocked, it may be easy for them to fake their IP address again and retry.
  • MFA:
    Enabling multi-factor authentication leads to one more layer of added security. Most probably you will get a code on your email ID or a notification on your mobile device.


Phishing

A social engineering attack. This type of attack is meant to steal user data such as credit or debit card details. Quite similar to a man-in-the-middle attack, the cyber attacker poses as a trusted entity and fools the target into opening an email, or a link in a message, that is designed to steal data.

Here is how you can prevent phishing attacks:

  • If something sounds too good to be true or if the sender is unknown, you have to do a thorough verification of their email ID.
  • Look for spelling mistakes in the domain name within the email ID.

There are different types of phishing password attacks, such as:

  • Smishing:
    The name is coined from two words: SMS + Phishing = Smishing. A nasty type of phishing where the attacker poses as a prestigious, trustworthy institution such as a bank, with the aim of asking for confidential information. Usually, through that one SMS, the user is asked to reply with details to that number or to click a link within the SMS.
  • Spear Phishing:
    An email that seeks unauthorized access to sensitive information. This type of attack is not usually sent by a mere hacker but by somebody who could be known to the target and just wants to retrieve some financial or confidential information. These also appear to come from a trusted source.
  • Whaling:
    Whale = the giant fish. You receive an email from someone who seems like your boss, with very minor spelling errors, and you send them the sensitive information they have asked for.

Keyloggers

Now this one is mean. A keylogger is one of those password attacks where spyware keeps track of the user’s activity. Cyber attackers use this type of attack to steal sensitive data. Keyloggers can capture the data either through a hardware device connected to the targeted PC or mobile, or through software.

The software route occurs when people are tricked into clicking a malicious link or attachment. Malware gets installed on their device and automatically collects sensitive data.


Password Best Practices

  • Your password should have a mix of uppercase, lowercase, numbers and special characters.
  • It should be lengthy. The longer the better. You might as well take a few extra seconds to type a long password rather than face the risk of losing data.
  • Once you do all this, make sure you reset your passwords in a timely fashion.


Frequently Asked Questions

What is Password Spraying?

You must have noticed that if you type incorrect passwords several times in a row, your account can get locked for some time. Password spraying is a type of brute-force attack, but a unique one: the attacker fixes a constant password, e.g. abc123, and instead of trying a new password every time, keeps changing the username. In this way, the account does not get locked either.
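The spraying pattern described here, and the brute-force and credential-stuffing bots from the earlier sections, leave distinct traces in authentication logs. Added detection example, not part of the original post: the log format and sample lines are constructed, and the thresholds are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample authentication log (not from any real system). Assumed format:
# "<ISO timestamp> src=<ip> user=<name> result=<OK|FAIL>"
SAMPLE_LOG = "\n".join(
    # 203.0.113.5 hammers a single account: classic brute force
    [f"2024-05-01T10:00:{i:02d} src=203.0.113.5 user=alice result=FAIL" for i in range(20)]
    # 198.51.100.7 tries one password across many accounts: password spraying
    + [f"2024-05-01T10:01:{i:02d} src=198.51.100.7 user=user{i:02d} result=FAIL" for i in range(12)]
    # 192.0.2.9 is a legitimate user who mistyped once
    + ["2024-05-01T10:02:00 src=192.0.2.9 user=bob result=FAIL",
       "2024-05-01T10:02:05 src=192.0.2.9 user=bob result=OK"]
)

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse_log(text: str) -> List[dict]:
    """Turn raw lines into events; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({**m.groupdict(), "ts": datetime.fromisoformat(m["ts"])})
    return events


def classify_sources(events: List[dict], window: timedelta = timedelta(minutes=10),
                     brute_threshold: int = 10, spray_users: int = 8,
                     spray_per_user_max: int = 2) -> Dict[str, str]:
    """Return {source_ip: verdict} for sources whose failures look like an attack.
    Brute force: many failures against one account from one source.
    Spraying: failures spread across many accounts, each touched only a few
    times, which is exactly how the attacker stays under lockout thresholds."""
    fails = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            fails[e["src"]].append(e)
    verdicts: Dict[str, str] = {}
    for src, evs in fails.items():
        evs.sort(key=lambda e: e["ts"])
        # Only failures inside the most recent window for this source count.
        cutoff = evs[-1]["ts"] - window
        recent = [e for e in evs if e["ts"] >= cutoff]
        per_user = defaultdict(int)
        for e in recent:
            per_user[e["user"]] += 1
        busiest = max(per_user.values())
        if busiest >= brute_threshold:
            verdicts[src] = "brute-force"
        elif len(per_user) >= spray_users and busiest <= spray_per_user_max:
            verdicts[src] = "password-spraying"
    return verdicts


if __name__ == "__main__":
    print(classify_sources(parse_log(SAMPLE_LOG)))
```

Because the page notes that attackers rotate source IPs, a per-source view like this one misses a spray spread across many addresses; the complementary check is the number of distinct accounts with exactly one failure each across all sources in the window.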


What is Spear Phishing?

An email that seeks unauthorized access to sensitive information. This type of attack is not usually sent by a mere hacker but by somebody who could be known to the target and just wants to retrieve some financial or confidential information. These types of password attacks also appear to come from a trusted source.


What helps protect from Spear Phishing?

  • Never click links or open or download attachments from unknown sources
  • You can block email addresses that look fishy
  • Update your system software to the latest build
  • Enable 2FA


What is a common indicator of a Phishing Attempt?

  • A logo that looks very similar to any popular brand out there
  • A name or an email address which sounds similar to a reputed organization
  • Malicious link or attachment
  • Shorter Content
  • Spelling Errors
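The "spelling mistakes in the domain name" and "address that sounds similar to a reputed organization" indicators above can be checked automatically before a user ever sees the message. Added example, not part of the original post: the trusted-domain list, the confusable-character table and the two-label registrable-domain assumption are all constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Constructed list of domains the organisation trusts; a real deployment would
# load its own brands, partners and payment providers here.
TRUSTED_DOMAINS = ["paypal.com", "microsoft.com", "infrassist.com"]

# Substitutions that keep a name looking right at a glance (constructed, not exhaustive).
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalise(label: str) -> str:
    """Undo common look-alike substitutions before comparing names."""
    out = label.lower()
    for fake, real in CONFUSABLES.items():
        out = out.replace(fake, real)
    return out


def levenshtein(a: str, b: str) -> int:
    """Edit distance: how many single-character changes separate two names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> Optional[str]:
    """Domain part of a From: address, with or without a display name and angle brackets."""
    m = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", address)
    return m.group(1).lower().rstrip(".") if m else None


def registrable(domain: str) -> str:
    # Assumption: the registrable part is the last two labels. A production check
    # would consult the Public Suffix List (co.uk, com.au, ...).
    return ".".join(domain.split(".")[-2:])


def check_sender(address: str, trusted=TRUSTED_DOMAINS,
                 max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Classify an address as trusted, lookalike (with the brand it imitates),
    unknown or invalid."""
    domain = sender_domain(address)
    if domain is None:
        return ("invalid", None)
    reg = registrable(domain)
    if reg in trusted:
        return ("trusted", reg)
    reg_name = normalise(reg.split(".")[0])
    for brand in trusted:
        brand_name = brand.split(".")[0]
        # Misspelled or confusable-substituted brand, or the brand on another TLD.
        if reg_name == brand_name or levenshtein(reg_name, brand_name) <= max_distance:
            return ("lookalike", brand)
        # Brand hidden as a subdomain of an unrelated registrable domain.
        if ("." + brand + ".") in ("." + domain):
            return ("lookalike", brand)
    return ("unknown", reg)


if __name__ == "__main__":
    for addr in ["alerts@paypal.com", "service@paypa1.com", "it@rnicrosoft.com",
                 "secure@paypal.com.evil.example.net", "friend@gmail.com"]:
        print(addr, check_sender(addr))
```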


How long does it take to crack an 8-character password?

Passwords of fewer than 8 characters that have only numbers or only letters can be cracked instantly. But a password of more than 8 characters takes longer (years, if not less) to crack if it is a mix of letters and numbers, different cases and special characters.
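A worked version of the estimate above, added here and not part of the original post: the guess rate is an assumed figure for an offline attack on a fast hash, and the character classes follow the Password Best Practices section. It goes beyond the 8-character case to any password you pass in.

```python
import string
from typing import List, Tuple

# Assumed attacker speed (constructed for the estimate): an offline attack on a
# fast, unsalted hash with GPU hardware. Real rates vary by orders of magnitude,
# and online guessing against a login form is far slower.
GUESSES_PER_SECOND = 10_000_000_000

# Character classes from the Password Best Practices section, with their sizes.
CLASSES = [
    ("lowercase", set(string.ascii_lowercase), 26),
    ("uppercase", set(string.ascii_uppercase), 26),
    ("digits", set(string.digits), 10),
    ("special", set(string.punctuation), len(string.punctuation)),  # 32
]


def charset_size(password: str) -> int:
    """Alphabet an attacker must cover: the union of the classes actually used.
    Any character outside the four classes counts as one extra symbol."""
    size = 0
    covered = set()
    for _name, chars, n in CLASSES:
        used = set(password) & chars
        if used:
            size += n
            covered |= used
    return size + len(set(password) - covered)


def keyspace(password: str) -> int:
    """Number of candidates of this length over this alphabet (exhaustive search)."""
    return charset_size(password) ** len(password)


def crack_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst case for the attacker: time to try every candidate at the assumed rate."""
    return keyspace(password) / rate


def human(seconds: float) -> str:
    for unit, span in (("years", 31_536_000), ("days", 86_400), ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return f"{seconds:.3f} seconds"


def compare(passwords: List[str]) -> List[Tuple[str, int, int, str]]:
    """(password, length, alphabet size, worst-case crack time) per candidate."""
    return [(p, len(p), charset_size(p), human(crack_seconds(p))) for p in passwords]


if __name__ == "__main__":
    # Digits only, letters only, 8 mixed, 11 mixed, and a long lowercase passphrase:
    # length grows the keyspace faster than adding classes does.
    for row in compare(["12345678", "abcdefgh", "Tr0ub4d&", "Tr0ub4dor&3",
                        "correct-horse-battery-staple"]):
        print(row)
```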

Upcoming

Do keep an eye on our blog section since we keep uploading a new blog every week.


Should an MSP outsourced NOC Services? A Mini-Guide on NOC Outsourcing

Outsourced NOC Services

The pandemic disrupted many businesses but also sowed the seeds for many to grow. Even at a time like this, as an MSP, the one thing you cannot afford to risk is your clients and their network. With the blow to businesses and teams scattered across remote locations, it is natural for companies to want to cut their operational costs. But how can an MSP not only reduce costs but also onboard new clients and improve service quality at the same time? It may sound too good to be true, but the option that enables this is outsourcing NOC services.

If the right Master MSP and the right resources are found, things can be exceptional for you; all you need is a capable, knowledgeable, skilled team.  


What do outsourced NOC Service Providers do? 

Similar to your in-house NOC team, their sole purpose is to ensure that all your clients’ systems are patched and in a healthy state. Unpatched systems often act as an open back door for cyber attackers; no loopholes or open back doors mean minimal or no exploitable vulnerabilities. The outsourced NOC team should also ensure that all managed antivirus products are enabled and updated, and that all backups are systematic and in order.

Outsourcing NOC Services: a good option or not? 

Often MSPs can face this question. For some, there’s constant juggling between hiring an in-house resource and outsourcing. But is outsourcing the right option for you? Below are some scenarios which would address your dilemma and provide more clarity. 

You should outsource NOC Services if you: 

  • Have fewer clients and want to increase your clientele, without a massive increase in operational costs 
  • Want to improve the quality of your service without a massive increase in operational costs 
  • Find hiring and training a skilled resource to be time-consuming and stressful 
  • Need access to all the services a pool of talented engineers can provide 
  • Need a team to look after your clients’ network 24×7 

How do I outsource NOC to the right company? What factors should I consider?

If you’ve narrowed in on “Outsourcing”, the following question in your mind would be “How do I find the right company to outsource to?”. That’s a valid question. You must have shortlisted a few companies, now how to finalize one? 

  • Check how many clients the company has successfully served. 
  • Contact them or check their website to see if they have enough skilled resources. 
  • Size of the company: is the Master MSP serving other clients of your size, or are they serving too many or too few? It is very important to find an outsourcing partner that understands the problems and challenges, and has appropriate solutions, for a company of your size.  
  • Cost comparisons: finding a Master MSP that serves other clients like you means that they’ll most probably fit in your budget. 
  • Master MSPs usually tend to be vendor-agnostic; check that they can indeed work on the platform you function on.
  • Lastly, a major inhibition for many is- Trust. How can you trust a company that is located miles away from you, as outsourcing involves the transfer of confidential data and information? Well, look for certifications that prove how serious Information Security is to the company. For instance, a relevant ISO certification can help prove the authenticity and is a highly regarded testament.

For more general factors that you should consider, you can read this article by business.com

What you should expect from your prospective NOC partner? 

  • Do they just monitor or do they monitor, troubleshoot and remediate as well? 
  • Do they support legacy systems as well as the latest technologies (depending on your need)? 
  • A clear, well-defined SLA (Service Level Agreement) 
  • AV and Backup Management
  • 24x7x365 support services- ensuring up-time and efficiency
  • An experienced, trained team that has the right technologies and processes in place to serve a myriad variety of clients. 
  • Seamless coordination between people, technologies, processes enabling quicker response times and prompt actions 
  • Detailed documentation 
  • They should look after Vendor Liaison when needed 


What you shouldn’t expect from an outsourced NOC Team? 

Similar to your in-house NOC Team, an outsourced NOC Team would also not remediate security threats. 

But the 24×7 Monitoring and proactiveness of the team can help them notify you of unusual activities if any. Once the team raises an issue, the authorized security team can look into it. 


Advantages of outsourcing NOC Services

  • Your team can focus on business expansion rather than technicalities and troubleshooting routine tasks. Focusing on more revenue-generating tasks can lead to a faster growth 
  • Finding, hiring and training can be avoided
  • Cost Advantages- you can easily compare the costs you would incur when hiring an in-house resource as opposed to getting an equally skilled outsourced resource
  • You’ll need fewer physical devices 
  • Fewer downtimes 
  • Prompt response to outages, when they do occur
  • Round the clock support 


If you are looking for a NOC Partner, look no further. Master MSPs like Infrassist work as your white-labelled NOC Service Providers enabling you to leverage technologies that will help you serve your clients better. Our NOC team provides 24×7 cost-effective, proactive solutions that help MSP serve their clients in an agile & effective manner.

Infrassist has been ISO 27001:2013 Certified for the second consecutive year which highlights that we have all the systems and processes in place to ensure information security of not only us but our clients as well.

To know more about us, our story, our Certifications and read some testimonials, you can click here.

Frequently Asked Questions

What is remote NOC?

Remote NOC is the remote management of your clients’ IT network, checking whether it is in a healthy state or not. It ensures that all your clients’ systems are patched, checks whether backups are up to date, and ensures network security too. Unpatched systems can often act as potential vulnerabilities by acting as an open backdoor to cyber attackers. No loopholes and open backdoors mean minimal or no potential vulnerabilities.

What is an outsourced NOC?

When you outsource your IT Network (to MSPs) or your clients’ IT Network to a third-party (to Master MSPs), it is an outsourced Network Operations Center (NOC). Which simply means, you are not monitoring, managing or fixing your IT Network but some third party is.

What does a NOC engineer do?

A NOC Engineer performs three major tasks: Monitoring, Alerting, and Troubleshooting and/or fixing alerts.

What do they monitor?

They monitor devices like Laptops, PCs, Tablets, Servers, Workstations etc.

Which types of organizations should keep a NOC in-house?

Well, you may feel it is important to have an in-house NOC, depending heavily on your circumstances, but the setup, the infrastructure and hiring NOC engineers with the right skill set can be challenging. Outsourcing, on the other hand, can help you cut infrastructure costs and spare you the hiring stress (if you outsource to the right partner, or one that fits your needs).


What is a VPN Connection: A brief guide on Corporate VPN

What is a VPN Connection? 

For many, the term VPN might have been unheard of before the work-from-home situation arose. For others, this term would already have been highly familiar. VPN is an abbreviation for Virtual Private Network. This blog post will focus on corporate VPNs and not personal VPNs.

Virtual means that a tunnelling protocol creates the link on a virtual medium: there is no dedicated physical connection. It is a tunnel that cannot be accessed by the public, hence the name Virtual Private Network. The encrypted tunnel connects two endpoints, i.e., your PC and the VPN’s remote server/service provider. 

But for it to remain private and provide full protection, it demands encryption. The public network can see that a tunnel exists but it would not know what data flows through it because of encryption via IPSec (Internet Protocol security), SSL or other such protocols. The people who have the decryption key or password are the only ones who can view and access the information that flows through it. 


What is a Corporate VPN? 

A Corporate VPN enables secure access and end-to-end encryption between devices in the same internal network no matter where they are working from. It has fewer limitations and provides enhanced security and more flexibility. 

The most common advantage is that it creates a corporate environment from the comfort of your own house. Employees can access files and do their work as if they were physically present in the office.  

Some organizations use Virtual Desktop Infrastructure for convenience, but VPNs are more cost-effective and also get the job done by providing the needed security features. 

VPNs provide full anonymity by encrypting your connection, disguising your IP and preventing ISPs or the government from prying into any confidential information. Your IP address is masked when your data passes through the encrypted tunnel enabled by the VPN. VPN users all have an IP address different from their original IP, which is made possible with the help of a VPN gateway.


What is VPN Gateway?  

A VPN gateway, also sometimes referred to as a VPN Concentrator, is a networking device that helps connect 2 or more nodes. 

It connects, routes, blocks or passes VPN Traffic across multiple users present in remote locations. Encryption and decryption of data and end-to-end delivery is ensured. The Gateway can be a router, a server or a UTM firewall, whose function is to assign IP addresses and manage multiple VPN Tunnels simultaneously. 


Out of IPSec, SSL, L2TP, and PPTP, which one is the most secure? 

Several tunnelling protocols are prevalent but corporate VPNs use either an IPSec, SSL or an MPLS protocol (MPLS will not be discussed in this blog post as it is a vast topic which would require an entire blog dedicated to it). 

1. IPSec Protocol 

IPSec verifies the session and encrypts each data packet. It can be used with other security protocols to improve security. Additionally, the user and the server must negotiate the parameters to keep the tunnel secure. 

2. SSL/TLS Protocol 

SSL VPN uses the SSL/TLS protocol. It is much simpler than IPSec. The data flowing through this tunnel is encrypted using the SSL or TLS protocol; all traffic flowing between a web browser and an SSL VPN device is encrypted with it. It is the most secure VPN protocol of all. SSL is not preferred for network-to-network communication but is predominantly used for client-to-network communication. 

3.  Layer 2 Tunneling Protocol(L2TP)  

Often combined with IPSec to establish a super secure, double encapsulated connection. L2TP creates a tunnel between two L2TP points and IPSec helps encrypt the data for enhanced security. L2TP doesn’t provide encryption of its own. It relies on IPSec for its cryptographic requirements. 

4. Point to Point Tunneling Protocol (PPTP)  

PPTP is easy to set up but not as safe and secure as all the other types. It is speedy because of its low encryption level. No additional software is needed but it has many loopholes and can be blocked by firewalls.


Split VPN 

A major issue that people usually face while working from home is their bandwidth being hampered because corporate and personal data flow through the same encrypted tunnel. The solution to this is the split-tunnel VPN. 

Split tunnelling is a feature that sends corporate data through the encrypted tunnel while personal data takes an unencrypted path outside it. 

However, features like these come with their own set of Pros and Cons. Let us dive into both. 

Pros 

  • Conserves Bandwidth as your internet traffic does not have to pass through the VPN Server 
  • Reduced traffic through each tunnel 
  • Increased bandwidth speed 

Cons 

  • Assume that a hacker has penetrated an employee’s network and the split tunnel is poorly encrypted; it leaves room for the hacker to get at the corporate data. 


Full Tunnel 

The entire web traffic, corporate or personal would pass through a single, encrypted tunnel. All policies are set by the company, where access is denied for websites or apps that hamper employee productivity. Employee activity is tracked throughout the entire day. 


Types of VPN 

Remote Access VPN (Host-to-Site VPN) 

A Remote Access VPN is suited to connecting an individual to the corporate internal network. A virtual tunnel is created between the employee and his/her company. These are also secure and affordable.  

This can be further split into: 

NAS (Network Access Server) 

Could be a server or a software application. NAS asks for credentials to let the user sign in to the VPN 

VPN Client Software 

Users will have to install client software or a specific application, to enable this. The software creates the virtual tunnel connection to the NAS and also looks after the encryption. 


Host-to-Host VPN  

Here, two hosts are connected through a VPN tunnel to enable secure data transfer. Before any transmission, the user is authenticated and encryption keys are exchanged between the two hosts. 


Site-to-site VPN 

This type is most common in large business organizations. These are further divided into two types: intranet-based site-to-site VPN and extranet-based site-to-site VPN. Let’s take the example of Infrassist itself: we have our head office in Ahmedabad, India and a branch office in Sydney, Australia; to ensure a secure connection between the two offices, an intranet-based site-to-site VPN is used.  

And if Infrassist is communicating with another organization, the secure transmission of data would be done using Extranet-based Site-to-Site VPN. 

When it comes to a corporate VPN, two types of topologies are present which could be explained easily through an example. 

Let’s suppose that Infrassist Technologies Pvt. Ltd has its Head Office (HO) in Ahmedabad, India and has 10 branch offices (BO) spanning across the globe. So, that means 11 offices in total.

Mesh Topology  

Assume that the company has structured its networks and tunnels in a mesh topology formation. If BO 1 is communicating with BO 2, the information is directly passed through the tunnel between them. No information is passed via the head office. 

Advantage:  

  • Branches remain independent, so if the server at the HO goes down, the branches will remain functional and will not face any issue or glitch. 
  • If one branch in the network goes wrong, it doesn’t affect the routing between other nodes (Branch offices) 

Disadvantage: 

  • The HO does not have any control over the information flowing between its branches. 
  • If a 12th branch gets added, or every time a new branch is opened, a new VPN Configuration will have to be established on each of the other BOs.  


Hub & Spoke Topology 

It is a simple network structure where a central node is connected to all the other nodes. In a hub & spoke topology, every communication that happens across branches, will all have to pass via the head office.

Advantage: 

  • Better control over the communications that take place across branches. 
  • If a new branch is to be added to the network, the configurations for the same will be done only at the HO, branches need not carry out separate configurations. 
  • If one branch in the network goes wrong, it doesn’t affect the routing between other nodes (Branch offices) 

Disadvantage: 

  • If the server at the head office goes down, the entire network structure/topology will get affected. 
  • Lots of traffic is accumulated in the Head Office. 
  • High processing power is required at the Network Centre. 


VPN Security Best Practices 

When a large number of people work remotely, cyber threats are bound to arise. This has nothing to do with the dangers or security concerns associated with the VPN; the reasons could be that- 

  • Organizations associated with a cheap VPN Vendor 
  • Organizations don’t often update their VPNs with the latest security patches 

To mitigate these risks, Cybersecurity and Infrastructure Security Agency (CISA) has recommended the following best practices- 

  • Strong passwords should be set 
  • MFA should be enabled 
  • Update VPNs with the latest patches 

A few other VPN best practices include, 

  • Geo-boundaries can be set. If you are a company that is confined to Sydney only and you have 2-3 branches in the same city, you can set geo-boundaries so that no one else residing outside Sydney will have access to the corporate network. 
  • Minimalistic Access: Only a limited number of employees can access a certain folder. For example, the senior management or the directors will have access to a folder which is restricted for use to other employees. 
  • Reauthentication: You can set policies wherein the user is reauthenticated every 4 hours or every week etc.

Frequently Asked Questions

What does a VPN do?

VPN is an abbreviation for Virtual Private Network. It is a service that helps you remain incognito when you are browsing online. A VPN helps form an invisible encrypted tunnel or a connection between your computer and the internet. So while you are surfing on public networks, your data and identity remains anonymous and secure at the same time.

What is VPN used for?

To let the user that is searching on the Internet remain private and incognito. Mostly used when one is looking to bypass any type of censorship or geographical restrictions.

Make sure you use the VPN Service of a company that you trust and avoid free VPNs.


How to set up a VPN?

One way to set up a VPN is to set up a connection at home using your router. The second way, on Windows, is to open the Start menu, type VPN and choose the option to add a VPN. You can also set up a VPN on your Mac device and on iOS. To learn how to do this in depth, read this blog.


Upcoming

If you are interested in reading technical blogs, we suggest you keep an eye on our website’s blog section every week.


SSL Scanning

SSL Scanning: what you should know and how you should do it 

Most of the traffic passing through your network firewall these days is over SSL (Secure Socket Layer) or HTTPS, which means that it is encrypted. And at some point, all IT Admins and MSPs (Managed Service Providers) have come across a question from a client that needs DPI (Deep Packet Inspection) to be implemented in order to get full visibility of the traffic. This blog talks about scanning SSL traffic.

10 min read, 30-60 mins implementation with testing 

Before we go further, let us understand the biggest downside of scanning and the error most users complain about: an invalid certificate, or red padlock icon, in the browser, where the browser shows an error and requires us to click either the Advanced tab or “proceed to unsafe website”. This is by far the biggest challenge we face in day-to-day administration.  

(Screenshot: the red padlock / invalid certificate warning in the browser)

Where does DPI come into the picture? 

The DPI on any firewall is used for two purposes: 

  • To identify apps communicating over SSL  
  • For websites that use HTTPS. 


For apps that use SSL, the DPI engine on any firewall subjects the traffic to an internal proxy engine. The proxy engine inside the firewall needs to see the traffic in plain text; accordingly, it decides whether to allow or drop the connection. Hence, when using the DPI engine, two tunnels are created: one from the end-user computer to the firewall, and a second from the firewall to the actual IP/website. This is as opposed to a normal connection, where there is end-to-end encryption with only one tunnel.  


https://en.wikipedia.org/wiki/Deep_packet_inspection


The approach with HTTPS websites is no different, but there is another method by which traffic can be filtered without DPI scanning. This is done with the help of the common name on the certificate and the DNS request. As we know, every client asks the DNS server for the IP address of the domain name it wants to browse.  

For the DNS approach, you must ensure that all outside DNS servers are blocked. The only DNS server an internal user can query must be the firewall. 

For the common name approach, when the website responds to the HTTPS request, it sends its certificate, which carries the common name (the website to which the certificate was issued). The proxy engine can use this information to decide whether to allow or drop the connection. However, both of the above approaches are limited. 


Let us see what a common name on a certificate looks like:

(Screenshot: the common name field on an SSL certificate)

As seen in the screenshot above, the common name on the certificate is *.google.com. This is a good example of the limitation of the DNS and common-name-based approaches: the proxy engine knows that the user is browsing some Google service, but which one remains unknown until the traffic is subjected to Deep Packet Inspection. Similar certificates will be seen when the end user browses Gmail (Web-Email category), Google Drive (Storage category), Hangouts (Chat category) or YouTube (Streaming category). 
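The limitation shown by the *.google.com certificate follows from how browsers match a wildcard name. Added example, not from the original post: the matching rules are the RFC 6125 ones, and the CN-keyed policy table is constructed for illustration.

```python
from typing import Dict, List


def cert_name_matches(presented: str, hostname: str) -> bool:
    """Match a certificate name (CN or SAN dNSName) against a hostname the way
    browsers do (RFC 6125): '*' is allowed only as the entire leftmost label and
    matches exactly one label, never the bare domain and never deeper names."""
    presented = presented.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in presented:
        return presented == hostname
    p_labels, h_labels = presented.split("."), hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False          # partial or embedded wildcards such as "f*.example.com"
    if len(p_labels) != len(h_labels) or len(h_labels) < 3:
        return False          # "*.com" on a public suffix, or a wildcard spanning two labels
    return p_labels[1:] == h_labels[1:]


# Constructed category policy keyed on the certificate name: the only thing a
# firewall can act on when it sees the TLS handshake but not the decrypted request.
CN_POLICY: Dict[str, str] = {"*.google.com": "allow", "*.example.net": "block"}


def decide_by_cn(cert_name: str, policy: Dict[str, str] = CN_POLICY) -> str:
    """Verdict a CN-only rule gives; it is the same for every host the name covers."""
    return policy.get(cert_name.lower(), "no-match")


def services_sharing_cert(cert_name: str, hostnames: List[str]) -> List[str]:
    """Hostnames one certificate name covers. Every one of them gets the same
    decide_by_cn() verdict, so a CN-only policy cannot separate mail from
    drive from chat; only DPI on the decrypted request can."""
    return [h for h in hostnames if cert_name_matches(cert_name, h)]


if __name__ == "__main__":
    hosts = ["mail.google.com", "drive.google.com", "hangouts.google.com",
             "youtube.com", "google.com"]
    print(services_sharing_cert("*.google.com", hosts), decide_by_cn("*.google.com"))
```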


How to get rid of the SSL certificate errors?

Based on the above examples, a certificate will be needed again for two purposes: 

  • For the firewall management portal including any end-user portal and other service portals 
  • For web proxy


Let’s take the case of the firewall management portal. Since this is presented to the user as a website, the browser checks URL match against the common name on the certificate. Most firewalls will have a self-signed CA (Certificate Authority) on them which will allow you to generate multiple certificates. Since these CAs are self-signed, their certificate chain and Root CA will not be trusted in the browser which results in the red padlock.

You can buy a certificate from any certificate authority, such as GoDaddy, Let’s Encrypt, Comodo and many more. But the certificate’s common name will have to match the URL you open in the browser.

For instance, if you get a certificate for firewall.companyname.com, the firewall’s IPs must resolve from firewall.companyname.com. This can be done with the help of the zone editor on the web host (cPanel, etc.) for the public side, and the internal DNS or the firewall’s DNS for the internal IPs.  


If you use the DPI engine

If you are going to use the DPI engine, the firewall will be re-signing the certificate of each website you visit with its own root CA (as this is another tunnel, between the end-user machine and the firewall). To overcome red padlock errors at this stage, you can either trust the firewall’s root CA in all the browsers or buy a CA (Certificate Authority) certificate.

However, this option is very expensive as getting an authority certificate practically means you can sign any certificate. Every country has its local laws on defining who root CAs can be and it requires much documentation and compliance.  

Concisely, if DPI scanning is a priority, one should be looking at ways to push the root CA to be trusted in all the client browsers (domain computers, guests, mobiles, and more). This can be done by hosting it in a shared place that can be accessed by all devices. 

Finally, thanks for taking the time to read the article. We hope this enlightens you more about how you can scan your SSL traffic. Please share and let us know any other topics/articles you would like to see from our team of experts.  


Frequently Asked Questions

Can you inspect SSL Traffic?

Yes, an SSL certificate helps inspect all inbound and outbound traffic.

What is SSL deep inspection?

Deep Inspection of SSL is when data is decrypted and analyzed to see if it should be blocked and it is then re-encrypted.

How do firewalls inspect SSL Traffic?

Ideally, SSL Traffic cannot be inspected by any security gateway as it is encrypted. But there is an option of enabling HTTPS inspection wherein a new TLS connection is created and then the traffic can be decrypted and inspected.


How do I inspect my SSL Certificate?

If you want to see if your website or any other website that you are visiting has an SSL Certificate or not, you can check the URL. If the URL has an “S” after HTTP, then it indicates that the site is secure.

You can also get more information by checking the padlock icon beside the website URL.

If you want to view all certificates, press Win+R and type “certlm.msc”.

The certificate manager tool will appear. You’ll see that there’s a Certificate option on the left pane. Click on that and you’ll see a list of certificates that are available and click on the one that you want to view.

(Screenshot: the certificate manager window)

Why do we need SSL Decryption?

SSL Decryption allows you to have an in-depth look at the entire path not just an overview of the domain. Cyber attackers have learnt to encrypt and keep themselves undercover but decrypting the traffic helps have more control, more in-depth inspection and analysis, greater protection from malware threats, etc.

Upcoming

We keep uploading new blogs quite frequently on our website- keep an eye out for those.

Lastly, if you need help with more such IT Solutions, feel free to reach out to us. We’ll be happy to resolve your queries.