INTELLIGENT BRANDS // Enterprise Security
AN SSL INSPECTION
PLATFORM CAN DECRYPT
TRAFFIC WHEN CONFIGURED
AS A TRANSPARENT
FORWARD PROXY OR AN
EXPLICIT PROXY
than decrypting outbound traffic because
organisations own the SSL keys. There are
two main ways to decrypt inbound SSL
traffic sent to internal servers:
Reverse proxy mode: SSL traffic is
terminated on the SSL inspection devices
and sent in clear text to inline or non-inline
security devices. This mode is also referred
to as “SSL Offload.”
Passive non-inline or inline mode: SSL
traffic is decrypted using a copy of the
server SSL keys. SSL traffic is not modified
by the SSL inspection platform except—
potentially—to block attacks.
In reverse proxy mode, the SSL inspection
platform can potentially also accelerate SSL
performance and load balance servers.
In passive non-inline mode, the SSL
inspection platform can be installed
transparently without needing to update
network settings. However, in passive noninline mode, organisations cannot easily
block attacks. Although organisations may
be able to send TCP resets from non-inline
devices, this is a best-effort approach
and will not effectively block all attacks,
including single-packet attacks.
Unfortunately, organisations that deploy an
SSL inspection platform that only supports
passive mode will be hamstrung—unable
to implement strong security ciphers like
Elliptic Curve Diffie Hellman Exchange
(ECDHE) without breaking their SSL
decryption architecture. SSL inspection
platforms deployed in passive non-inline
mode are a security epic fail.
(For the full article, please visit
www.intelligentcio.com/me)
56
INTELLIGENTCIO
At a glance…
Nokia Networks & Nixu
to collaborate on cyber
security
Nixu Corporation and
Nokia Networks have
entered an agreement
to collaborate on
developing and
delivering cyber security
services for Nokia’s
clients worldwide. For
cyber security company
Nixu widening international market reach is a strategic way of
reaching growth targets.
Nixu and Nokia Networks have signed a collaboration
agreement that makes it possible for Nixu’s comprehensive
cyber security services to be included as part of Nokia’s
client offering. This agreement gives Nokia’s network
operator clients access to Nixu’s cyber security expertise
through one partner.
“This collaboration model enables Nokia to include our
productised cyber security services in the delivery of complete
network or service solutions. Nixu’s in-depth expertise and
tested procedures guarantee Nokia’s customers easy access to
the specialist services required for cyber security development
and verification. For Nokia this is a flexible way to include
strong specialist know-how in their full range of services,” states
CEO of Nixu Corporation, Petri Kairinen.
”Internationalisation is a central part of Nixu’s growth strategy.
The collaboration agreement with Nokia gives Nixu access to
an important international distribution channel. As specialists,
we will be able to contribute at multiple points along the cyber
security value chain and genuinely provide added value for
our clients. Our expertise is of such high calibre that there is an
international demand for it,” Petri Kairinen continues.
“The new partnership with Nixu, a company with strong
security service knowledge in areas like operators and Cloud,
will complement Nokia’s expertise to deliver outstanding
security services for operators all over the world. The security
consultants from Nixu enrich our service offerings with product
and vendor agnostic expertise, which many of our customers
appreciate,” states Nils Ahrlich from the Nokia Networks
Security business area.
www.intelligentcio.com