Skip to main content

 

 

Cisco Defense Orchestrator

Why Implement SSL Decryption?

Encrypted traffic, such as HTTPS connections, cannot be inspected. Many connections are legitimately encrypted, such as connections to banks and other financial institutions. Many web sites use encryption to protect privacy or sensitive data. For example, your connection to Firepower Device Manager is encrypted. However, users can also hide undesirable traffic within encrypted connections.

By implementing SSL decryption, you can decrypt connections, inspect them to ensure they do not contain threats or other undesirable traffic, and then re-encrypt them before allowing the connection to proceed. (The decrypted traffic goes through your access control policy and matches rules based on inspected characteristics of the decrypted connection, not on the encrypted characteristics.) This balances your need to apply access control policies with the user’s need to protect sensitive information.

You can also configure SSL decryption rules to block encrypted traffic of types you know you do not want on your network.

Caution: Keep in mind that decrypting and then re-encrypting traffic adds a processing load on the device, which will reduce overall system performance.

  • Was this article helpful?