This is possibly a stupid question but if I add Dropbox to the DPI-SSL exclusion list I take it that any file downloaded from Dropbox will not be scanned by the Gateway Antivirus Service or Capture ATP.
Answers
I would disagree as it is possible Dropbox could serve a client a file via any of the other non-encrypted protocols, and thus be scanned by GAV or CATP.
In case the traffic is HTTPS, the payload cannot be scanned since it is encrypted.
Thanks, guys, I had to put in exclusions for Dropbox, OneDrive, Google Drive, SharePoint, WeTransfer, and a few others. I'm not really seeing the point of having DPI-SSL on if I have to exclude the very sites we are downloading files from. Am I missing something? Why are they getting blocked when I have all the certs configured on the devices?
Tom
If the client software pins its certs or doesn't use the system certificates then you cannot MITM it because you cannot get it to trust it.
Just remember that DPI-SSL is a hack, it's somewhat surprising how well it still works in 2023.
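To make the pinning point concrete, here is an added Go example (not from this thread or from any vendor): it builds a throwaway public CA and a throwaway DPI-SSL CA, issues the genuine and the firewall-re-signed certificate for one hostname, puts both CAs in the endpoint's trust store, and shows that an unpinned client accepts the re-signed certificate while a client that pins the genuine SPKI hash rejects it. All CA names, keys and the hostname are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue makes a one-hour cert for name: a self-signed CA owning signer when parent == nil, else a leaf with a fresh key.
func issue(name string, parent *x509.Certificate, signer ed25519.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	pub, _, _ := ed25519.GenerateKey(rand.Reader) // every key in this example is generated on the fly
	if parent == nil { // self-signed CA: the subject key is the signing key, and no SAN
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		pub, parent, tmpl.DNSNames = signer.Public().(ed25519.PublicKey), tmpl, nil
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// spkiPin is the value a pinning app ships: SHA-256 of the leaf's SubjectPublicKeyInfo.
func spkiPin(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) }

// accepts models the client: chain validation against roots (the endpoint's store, DPI-SSL CA included), plus the pin check when pin != nil.
func accepts(leaf *x509.Certificate, roots *x509.CertPool, host string, pin *[32]byte) bool {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return false
	}
	return pin == nil || spkiPin(leaf) == *pin
}

// Scenario: a public CA issues host's genuine cert, the DPI-SSL CA re-signs host with the firewall's own key, the endpoint trusts both.
// Returns (unpinned client accepts re-signed, pinned client accepts genuine, pinned client accepts re-signed).
func Scenario(host string) (bool, bool, bool) {
	_, pubCAKey, _ := ed25519.GenerateKey(rand.Reader)
	_, dpiCAKey, _ := ed25519.GenerateKey(rand.Reader)
	pubCA, dpiCA := issue("Public Root CA", nil, pubCAKey), issue("Firewall DPI-SSL CA", nil, dpiCAKey)
	genuine, resigned := issue(host, pubCA, pubCAKey), issue(host, dpiCA, dpiCAKey)
	roots := x509.NewCertPool()
	roots.AddCert(pubCA)
	roots.AddCert(dpiCA)
	pin := spkiPin(genuine) // baked into the app at build time
	return accepts(resigned, roots, host, nil), accepts(genuine, roots, host, &pin), accepts(resigned, roots, host, &pin)
}
```

The third result is why a pinned client cannot be inspected no matter which CA certificate is pushed to the endpoint: the chain is trusted, but the key behind it is not the one the app was built to expect.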
@Arkwright HTTP/3 (QUIC) will put a nail in the coffin of DPI-SSL and probably most of the Security Services at the Perimeter. I'm not optimistic that it can be addressed properly via Proxy.
--Michael@BWC
So then we are basically back to the old days of your endpoint anti-virus software catching it.
Tom
@Purconn in my (current) opinion (time will tell) I believe the days are numbered for Security Services at the perimeter and we're going back to Router (with some bells and whistles) and strong Endpoint Security.
--Michael@BWC
@BWC is spot on. The security services previously provided by UTM firewalls are moving to endpoints. Too many weak links when corporate work from home / mobile devices are so ubiquitous.
Also QUIC is ruining things for admins, so f google.
I fully agree, securing and protecting assets is becoming more and more challenging.