Cisco SSL Appliances decrypt Secure Sockets Layer (SSL) traffic and forward the plaintext to existing security and network appliances, transparently enabling inspection of encrypted traffic. This allows existing intrusion prevention system (IPS) appliances to identify risks that SSL would otherwise hide, such as regulatory compliance violations, viruses, malware, data loss, and intrusion attempts.
Features and Capabilities
An Easy Vehicle for Cybersecurity Attacks
The volume of SSL-encrypted traffic is growing rapidly, driven by enterprise-wide use of cloud computing, secure e-commerce, Web 2.0 applications, email, and VPNs. However, the same encryption that protects legitimate traffic also hides many types of cybersecurity threats from inspection, including:
- Intrusion attacks
- Advanced malware
- Phishing attacks
- Viruses and worms
- Data loss
If not managed properly, SSL can leave a hole in any enterprise security architecture. Existing approaches to SSL-encrypted traffic often either pass all of it through uninspected or block it entirely. Alternatively, they combine SSL decryption with threat-protection functions such as an IPS on the same device, where the two compete for the same hardware resources.
Cisco SSL Appliance Capabilities
Unlike on-box SSL decryption solutions that use shared hardware resources for SSL decryption and IPS inspection, the Cisco SSL architecture permits the SSL and IPS processes to run on separate systems. This offloads all decryption and encryption requirements from the IPS to provide greater IPS performance and scalability.
Cisco SSL Appliances are also versatile enough to inspect SSL traffic in both inbound and outbound configurations and are available with a range of interface options. All include a programmable fail-open capability, traffic bypass filters, and configurable link state monitoring and mirroring. Fine-grained policy control provides the ability to control which SSL flows are inspected, passed through, or blocked.
The following capabilities of Cisco SSL Appliances address the risk that arises from lack of visibility into SSL traffic while maintaining the performance of the security and network appliances behind them:
- Decryption of traffic up to 3.5 Gbps with over five million simultaneous flows
- Transparent proxy - requires no configuration, addressing, or topology changes
- Support for both passive and inline configurations
- Detection of SSL sessions on all ports, not just the traditional port 443
- Logging the details of all SSL flows to detect suspicious trends or patterns
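The two capabilities above, detecting SSL sessions on any port and logging the details of each flow, both come down to recognising a ClientHello from the first bytes a client sends rather than from the destination port. The following is an added example written for this page, not code from Cisco or from the appliance: it parses both the SSLv2-style (2-byte header) and the SSLv3/TLS record-layer ClientHello formats listed in the specifications below, extracts the advertised version, the offered cipher suites and the Server Name Indication (SNI) where present, and emits a flow log line. All flows, addresses and handshake bytes are constructed inline for the example; the log field names and the helper functions are this example's own choices.

```python
"""Port-agnostic SSL/TLS ClientHello detector and flow logger (added example, constructed data)."""
import struct

# Wire (major, minor) version bytes to names; the page lists SSL2, SSL3, TLS 1.0 and TLS 1.1.
VERSION_NAMES = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def build_client_hello(version=(3, 1), sni=None, cipher_suites=(0x002F, 0x0035)):
    """Construct an SSLv3/TLS ClientHello record to use as sample input (constructed, not captured)."""
    body = bytes(version) + bytes(32)                       # client_version + 32-byte random (zeros here)
    body += b"\x00"                                         # empty session_id
    body += struct.pack("!H", 2 * len(cipher_suites)) + b"".join(struct.pack("!H", c) for c in cipher_suites)
    body += b"\x01\x00"                                     # one compression method: null
    if sni is not None:
        name = sni.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # ServerName: name_type host_name(0)
        ext = struct.pack("!H", len(entry)) + entry              # ServerNameList
        ext_block = struct.pack("!HH", 0, len(ext)) + ext        # extension_type server_name(0)
        body += struct.pack("!H", len(ext_block)) + ext_block
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body    # HandshakeType client_hello(1)
    return b"\x16" + bytes(version) + struct.pack("!H", len(handshake)) + handshake


def build_sslv2_client_hello(version=(3, 0)):
    """Construct an SSLv2-format ClientHello (2-byte header, MSB set) advertising `version`."""
    specs = b"\x01\x00\x80"                                 # SSL_CK_RC4_128_WITH_MD5, 3-byte v2 cipher kind
    challenge = bytes(16)
    payload = b"\x01" + bytes(version) + struct.pack("!HHH", len(specs), 0, len(challenge)) + specs + challenge
    return struct.pack("!H", 0x8000 | len(payload)) + payload


def parse_client_hello(data):
    """Return {'record', 'version', 'sni', 'cipher_suites'} if `data` starts with a ClientHello,
    else None. Only the bytes are examined, so the result is independent of the port used."""
    if len(data) < 5:
        return None
    if data[0] & 0x80 and data[2] == 0x01:                  # SSLv2 header: length with MSB set, msg CLIENT-HELLO
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        if rec_len < 9 or len(data) < 2 + rec_len:
            return None
        version = (data[3], data[4])                        # highest version the client supports
        cs_len = struct.unpack("!H", data[5:7])[0]
        if 11 + cs_len > len(data):
            return None
        suites = [int.from_bytes(data[i:i + 3], "big") for i in range(11, 11 + cs_len, 3)]
        return {"record": "SSLv2", "version": VERSION_NAMES.get(version, "%d.%d" % version),
                "sni": None, "cipher_suites": suites}
    if data[0] != 0x16 or data[1] != 0x03:                  # handshake record with major version 3
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if len(rec) < 4 or rec[0] != 0x01:                      # HandshakeType client_hello
        return None
    hs_len = int.from_bytes(rec[1:4], "big")
    hello = rec[4:4 + hs_len]
    if len(hello) < hs_len or hs_len < 38:                  # version+random+sid_len+cs_len+comp_len minimum
        return None
    version = (hello[0], hello[1])
    pos = 34 + 1 + hello[34]                                # skip version, random, session_id
    if pos + 2 > len(hello):
        return None
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    if pos + cs_len + 1 > len(hello):
        return None
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                                   # skip compression methods
    sni = None
    if pos + 2 <= len(hello):                               # extensions are optional
        ext_len = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_len, len(hello))
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            ext = hello[pos:pos + elen]
            pos += elen
            if etype == 0 and len(ext) >= 5 and ext[2] == 0:    # server_name, first entry of type host_name
                nlen = struct.unpack("!H", ext[3:5])[0]
                sni = ext[5:5 + nlen].decode("ascii", "replace")
    return {"record": "TLS", "version": VERSION_NAMES.get(version, "%d.%d" % version),
            "sni": sni, "cipher_suites": suites}


def log_ssl_flow(src, dst, dport, payload):
    """Return a log line for the flow if its first client bytes are a ClientHello, else None."""
    info = parse_client_hello(payload)
    if info is None:
        return None
    return "ssl_flow src=%s dst=%s dport=%d record=%s version=%s sni=%s suites=%d" % (
        src, dst, dport, info["record"], info["version"], info["sni"] or "-", len(info["cipher_suites"]))


# Constructed sample flows: TLS on 443 and 8443, SSLv2-format hello on port 25, and plain HTTP.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.10", 443, build_client_hello((3, 1), "www.example.com")),
    ("10.0.0.7", "198.51.100.9", 8443, build_client_hello((3, 2), "mail.example.net")),
    ("10.0.0.9", "192.0.2.44", 25, build_sslv2_client_hello((3, 0))),
    ("10.0.0.11", "192.0.2.80", 443, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(log_ssl_flow(*flow) or "non-ssl dport=%d" % flow[2])
```

Running it shows the point of port-independent detection: the session on port 8443 and the SSLv2-format hello on port 25 are logged just like the one on 443, while the HTTP flow on 443 is not, because classification depends on the handshake bytes rather than the port number.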
Specifications at a Glance
- Protocol versions: TLS 1.0, TLS 1.1, SSL3, partial SSL2
- Proxy mode: Transparent
- Public key algorithms: RSA, DSA, DH
- Symmetric key algorithms: AES, 3DES, DES, RC4
- Hashing algorithms: MD5, SHA-1
- RSA keys: 512, 1024, 2048, 4096, 8172 bits
SSL2, SSL3, RC4, DES, MD5, and 512-bit RSA keys have since been deprecated as insecure; their inclusion above describes what the appliance can decrypt and inspect, not a recommended configuration for the endpoints it sits between.