Pawel_Rzepa
Explorer

Detect and/or enforce SSL/STARTTLS

Hi,

I'd like to detect and/or enforce that people use encryption when they pass data between systems. For example, people say that for SMTP, tcp/25, they use STARTTLS. Is there any way to verify/enforce that STARTTLS is in fact used? I don't want to inspect the content of encrypted traffic; I just want to ensure that people encrypt data.

The same question applies to STARTTLS for LDAP on tcp/389, and to detecting/enforcing the use of HTTPS on non-standard ports.

Thanks,

Pawel

0 Kudos
2 Replies
PhoneBoy
Admin

There are application signatures for SMTP over TLS.

It would make sense that you could create a rule allowing that application and BLOCK regular SMTP.

I don't believe we have a similar one for LDAP.

For HTTPS, there is an application signature you can enable in R80.10 (it's disabled in the default HTTPS service).

If you want to enforce HTTPS on other ports, create a new TCP service:

A rule using this service would have to be used in a layer that has Application Control enabled.

0 Kudos
Pawel_Rzepa
Explorer

Hi,

Thank you for the reply. I needed some time to test it and found that the SMTP over TLS signature doesn't work for me. I found in the 'More Info' section of the 'SMTP over TLS' description that HTTPS Inspection is mandatory for detection, but I cannot enable it due to policy reasons.

So no luck with SMTP, no luck with LDAP, and no luck with HTTPS because I'm still on R77.

Anyway, thanks for the suggestions. Any other ideas appreciated.

0 Kudos
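Added example, not part of the thread and not a Check Point feature: the three checks the question asks for, done passively over reassembled TCP payloads (for instance from a packet capture) without decrypting anything. It verifies whether an SMTP session on tcp/25 actually upgraded with STARTTLS, whether an LDAP client on tcp/389 sent the StartTLS extended operation, and whether traffic on a non-standard port is TLS at all. All sample messages, the function names and the constants are this example's own constructions.

```python
"""Passive STARTTLS / TLS checks over reassembled TCP payloads. Nothing here
decrypts anything; it only reads the cleartext preamble and the first TLS
record. All sample messages below are constructed for this example."""
import re

# StartTLS extended-operation OID from RFC 4511 / RFC 4513, as the 22-byte
# ASCII string carried in the ExtendedRequest's requestName.
LDAP_STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if a stream opens with a TLS record (type 0x16 = handshake, record
    version 0x03 0x00..0x03) whose first handshake message is a ClientHello
    (type 0x01). Plaintext HTTP on the same port starts with 'GET ', 'POST '
    etc. and fails this check: that is the HTTPS-on-a-non-standard-port case."""
    if len(payload) < 6:
        return False
    return (payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x03 and payload[5] == 0x01)


def smtp_starttls_outcome(session) -> str:
    """session: list of ('C' | 'S', bytes) in wire order, ending where the
    cleartext ends. Verdicts:
      'upgraded'        server offered STARTTLS, client used it, server replied
                        220 and the next client bytes are a TLS ClientHello
      'advertised_only' offered, but the client carried on in cleartext
      'not_offered'     the EHLO reply never listed STARTTLS
      'failed'          client asked, but no 220 / no handshake followed"""
    offered, requested_at = False, None
    for i, (who, data) in enumerate(session):
        if who == "S" and re.search(rb"^250[- ]STARTTLS\r?$", data, re.M | re.I):
            offered = True
        if who == "C" and data.strip().upper() == b"STARTTLS":
            requested_at = i
            break
    if requested_at is None:
        return "advertised_only" if offered else "not_offered"
    after = session[requested_at + 1:]
    if (len(after) >= 2
            and after[0][0] == "S" and after[0][1].startswith(b"220")
            and after[1][0] == "C" and looks_like_tls_client_hello(after[1][1])):
        return "upgraded"
    return "failed"


def _ber(tag: int, value: bytes) -> bytes:
    """Minimal BER TLV encoder (short-form length only, value < 128 bytes)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def _tlv(buf: bytes, pos: int):
    """Decode one BER TLV at buf[pos] -> (tag, value, next_pos); handles short
    and long-form definite lengths, which is all LDAP uses."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def ldap_starttls_requested(payload: bytes) -> bool:
    """True if the first LDAPMessage is an ExtendedRequest ([APPLICATION 23],
    tag 0x77) whose requestName ([0], tag 0x80) is the StartTLS OID. A bind or
    search arriving first means the client is talking cleartext LDAP."""
    try:
        tag, msg, _ = _tlv(payload, 0)
        if tag != 0x30:                       # LDAPMessage ::= SEQUENCE
            return False
        _, _msgid, pos = _tlv(msg, 0)          # messageID INTEGER
        op_tag, op, _ = _tlv(msg, pos)
        if op_tag != 0x77:
            return False
        name_tag, name, _ = _tlv(op, 0)
        return name_tag == 0x80 and name == LDAP_STARTTLS_OID
    except IndexError:                         # truncated / not BER at all
        return False


# --- constructed samples (not real captures) ---------------------------------
# Header of a TLS 1.2-style ClientHello record, padded; only the header matters.
CLIENT_HELLO = b"\x16\x03\x01\x00\xc5\x01\x00\x00\xc1\x03\x03" + bytes(32)
EHLO_REPLY = b"250-mx.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SMTP_UPGRADED = [("S", b"220 mx.example.test ESMTP\r\n"),
                 ("C", b"EHLO relay.example.test\r\n"), ("S", EHLO_REPLY),
                 ("C", b"STARTTLS\r\n"), ("S", b"220 2.0.0 Ready to start TLS\r\n"),
                 ("C", CLIENT_HELLO)]
SMTP_PLAINTEXT = SMTP_UPGRADED[:3] + [("C", b"MAIL FROM:<a@example.test>\r\n")]
SMTP_REFUSED = SMTP_UPGRADED[:4] + [("S", b"454 4.7.0 TLS not available\r\n")]
# messageID 1 + ExtendedRequest{requestName = StartTLS OID}
LDAP_STARTTLS_REQUEST = _ber(0x30, _ber(0x02, b"\x01")
                             + _ber(0x77, _ber(0x80, LDAP_STARTTLS_OID)))
# messageID 1 + BindRequest{version 3, name "", simple ""} (anonymous bind)
LDAP_ANON_BIND = _ber(0x30, _ber(0x02, b"\x01")
                      + _ber(0x60, _ber(0x02, b"\x03") + _ber(0x04, b"") + _ber(0x80, b"")))

if __name__ == "__main__":
    for name, s in [("upgraded", SMTP_UPGRADED), ("plaintext", SMTP_PLAINTEXT),
                    ("refused", SMTP_REFUSED)]:
        print(f"smtp {name:9s}: {smtp_starttls_outcome(s)}")
    print("ldap starttls :", ldap_starttls_requested(LDAP_STARTTLS_REQUEST))
    print("ldap bind     :", ldap_starttls_requested(LDAP_ANON_BIND))
    print("odd-port tls  :", looks_like_tls_client_hello(CLIENT_HELLO),
          looks_like_tls_client_hello(b"GET / HTTP/1.1\r\n"))
```

The 'advertised_only' verdict is the case an allow-TLS/block-plain rule pair is meant to catch: the server offers STARTTLS but the client keeps going in cleartext. Seeing a ClientHello only establishes that TLS was started, not that the certificate was validated or that the cipher suite is acceptable; this is detection, and enforcement still has to come from the gateway policy.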
