Explore the critical importance of decryption in network security operations as TLS 1.3 adoption increases, making traffic inspection more challenging. Delve into Fiserv's experiences with decrypting PFS-encrypted traffic and examine various options including SSL fingerprinting, proxies, and session-key forwarders. Learn about encryption trends, TLS 1.3 highlights, network detection techniques, and the implications of perfect forward secrecy. Discover the pros and cons of SSL/TLS interception methods, out-of-band analysis, and forensics. Gain insights to formulate an effective decryption strategy tailored to your organization's needs. Ideal for security professionals with a general understanding of network analysis and encryption's impact on monitoring.
The Network Is Going Dark - Why Decryption Matters for SecOps
Overview
Syllabus
Introduction
Encryption Trend
TLS 1.3 Is Here
TLS 1.3 Highlights
TLS 1.3 Handshake
Why Network Detection?
North-South vs. East-West
X.509 Certificate
North-South Visibility: HTTPS (TLS 1.2) + DOH
Page-Load Fingerprints
TLS Fingerprinting Overview: JA3 and JA3S
TLS Fingerprinting: False Positives and Evasion
Traffic Analysis Overview
Cisco Encrypted Traffic Analysis
Network Detection: Better with Plaintext
Perfect Forward Secrecy Overview
PFS Adoption: 2013 - 2020
SSL/TLS Interception: "Break-and-Inspect"
SSL/TLS Interception: Secure Access Service Edge (SASE)
SSL/TLS Interception: Potential Weaknesses
SSL/TLS Interception: Trend
SSL/TLS Termination & Re-encryption
Out-of-band Analysis & Forensics PF5 breaks out-of-band network analysis and packet capture that needs to perform decryption for analysis
Out-of-band Analysis: TLS Downgrade
Out-of-band Analysis: Session Key Forwarding
Recommended Next Steps
Decrypting PFS at Fiserv
Apply / Next Steps
Taught by
RSA Conference
