
Detect or/and enforce SSL/STARTTLS

Hi,

I'd like to detect and/or enforce that people use encryption when they pass data between systems. For example people say that for SMTP, tcp/25, they use STARTTLS. Is there any way to verify/enforce that STARTTLS is in fact used? I don't want to inspect the content of encrypted traffic, just want to ensure that people encrypt data.

The same question applies to STARTTLS for LDAP on tcp/389, and to detecting/enforcing the use of HTTPS on non-standard ports.

Thanks,

Pawel

Admin

Re: Detect or/and enforce SSL/STARTTLS

There are application signatures for SMTP over TLS.

It would make sense that you could create a rule allowing that application and BLOCK regular SMTP.

I don't believe we have a similar one for LDAP.

For HTTPS, there is an application signature you can enable in R80.10 (it's disabled in the default https service).

If you want to enforce HTTPS on other ports, create a new TCP service:

A rule using this service would have to be used in a layer that has Application Control enabled.

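The kind of check the question asks for, as an added example that is not from the thread or from Check Point: a passive classifier over the cleartext preamble of captured session turns that reports whether an SMTP, LDAP or HTTPS-on-a-custom-port flow actually negotiated TLS, without looking at anything after the handshake. The sample flows and function names are constructed for the example, and the LDAP matching is a simplified byte check rather than a full ASN.1 parser.

```python
# Added example (not from the thread): passive check over captured session turns that decides
# whether an SMTP (tcp/25), LDAP (tcp/389) or "HTTPS on a custom port" flow switched to TLS.
LDAP_STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation, RFC 4511

def is_tls_handshake(payload: bytes) -> bool:
    """TLS record header: content type 22 (handshake), record version 3.0 .. 3.3."""
    return len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x03

# Per protocol: (did the client ask to start TLS?, did the server agree?).
# LDAP is matched on the bytes of small BER messages, not with a full ASN.1 parser.
PROTOCOLS = {
    "smtp": (lambda c: c.strip().upper() == b"STARTTLS",
             lambda s: s.startswith(b"220")),
    "ldap": (lambda c: c[:1] == b"\x30" and b"\x77" in c[:6] and LDAP_STARTTLS_OID in c,
             lambda s: s[:1] == b"\x30" and b"\x78" in s[:6] and b"\x0a\x01\x00" in s),
    "https": (None, None),   # implicit TLS: the first client bytes must already be a ClientHello
}

def classify(flow, proto):
    """flow: ordered list of ('c' | 's', bytes) turns. Returns 'tls', 'plaintext' or 'undetermined'."""
    asked, agreed = PROTOCOLS[proto]
    state = "pre"            # pre -> asked (STARTTLS sent) -> agreed (server said 220 / success)
    for who, data in flow:
        if who == "c":
            if is_tls_handshake(data):
                return "tls"          # ClientHello seen: STARTTLS completed, or implicit TLS on the port
            if state == "agreed":
                return "plaintext"    # server agreed to TLS but the client kept talking in the clear
            if asked and asked(data):
                state = "asked"
        elif state == "asked":
            state = "agreed" if agreed(data) else "pre"   # refusal (e.g. 454): still cleartext
    return "plaintext" if any(who == "c" for who, _ in flow) else "undetermined"

# Constructed sample flows (ClientHello bytes truncated after the record header).
HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32
SMTP_OK = [("c", b"EHLO mail.example.test\r\n"), ("s", b"250-mx.example.test\r\n250 STARTTLS\r\n"),
           ("c", b"STARTTLS\r\n"), ("s", b"220 2.0.0 Ready to start TLS\r\n"), ("c", HELLO)]
SMTP_CLEAR = [("c", b"EHLO mail.example.test\r\n"), ("s", b"250 mx.example.test\r\n"),
              ("c", b"STARTTLS\r\n"), ("s", b"454 4.7.0 TLS not available\r\n"),
              ("c", b"MAIL FROM:<a@example.test>\r\n"), ("s", b"250 2.1.0 Ok\r\n")]
LDAP_OK = [("c", b"\x30\x1d\x02\x01\x01\x77\x18\x80\x16" + LDAP_STARTTLS_OID),
           ("s", b"\x30\x0c\x02\x01\x01\x78\x07\x0a\x01\x00\x04\x00\x04\x00"), ("c", HELLO)]
HTTP_8443 = [("c", b"GET / HTTP/1.1\r\nHost: app.example.test:8443\r\n\r\n")]

if __name__ == "__main__":
    for name, flow, proto in [("smtp ok", SMTP_OK, "smtp"), ("smtp clear", SMTP_CLEAR, "smtp"),
                              ("ldap ok", LDAP_OK, "ldap"), ("port 8443", HTTP_8443, "https")]:
        print(f"{name:10s} -> {classify(flow, proto)}")
```

A result of "plaintext" on a flow whose server answered 220 to STARTTLS is worth alerting on separately, since it means the client continued in the clear after being offered TLS.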

Re: Detect or/and enforce SSL/STARTTLS

Hi,

Thank you for the reply. I needed some time to test it and found that SMTP over TLS signature doesn't work for me. I found in the 'More Info' section of 'SMTP over TLS' description that HTTPS Inspection is mandatory for detection but I cannot enable it due to policy reasons.

So no luck in SMTP, no luck in LDAP, no luck in HTTPS because I'm still on R77.

Anyway, thanks for the suggestions. Any other ideas appreciated.
