Detect and/or enforce SSL/STARTTLS
Hi,
I'd like to detect and/or enforce that people use encryption when they pass data between systems. For example, people say that for SMTP (tcp/25) they use STARTTLS. Is there any way to verify/enforce that STARTTLS is in fact used? I don't want to inspect the content of encrypted traffic; I just want to ensure that people encrypt data.
The same question applies to STARTTLS for LDAP on tcp/389, and to detecting/enforcing the use of HTTPS on non-standard ports.
Thanks,
Pawel
There are application signatures for SMTP over TLS.
It would make sense that you could create a rule allowing that application and blocking regular SMTP.
I don't believe we have a similar one for LDAP.
For HTTPS, there is an application signature you can enable in R80.10 (it's disabled in the default HTTPS service).
If you want to enforce HTTPS on other ports, create a new TCP service:
A rule using this service would have to be used in a layer that has Application Control enabled.
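The reply above relies on the gateway's application signatures to tell "SMTP that really upgraded to TLS" apart from plain SMTP. As an added example (not code from the original thread, from Check Point, or from any signature the product ships), the script below shows the decision such a passive check has to make, applied to the three cases the question raises: STARTTLS on tcp/25, StartTLS on tcp/389, and HTTPS on a non-standard port. It works on the reassembled client-to-server and server-to-client byte streams of one TCP connection (for instance exported from a pcap taken on a span port) and never decrypts anything: it only checks that, after the STARTTLS command and the server's 220 reply, both sides switch to TLS handshake records. All sample streams are constructed for the example, the TLS handshakes are truncated to their record headers, and the verdict names ("tls", "downgraded", "plaintext") are the example's own.

```python
"""
Passive classification of captured TCP streams: did the session actually
negotiate TLS (STARTTLS for SMTP and LDAP, or TLS from the first byte for
HTTPS on any port)?  Works on the reassembled client->server and
server->client byte streams of one connection; nothing is decrypted.
"""
import re


# --- TLS record sniffing (RFC 5246 s6.2 / RFC 8446 s5.1) ----------------
def is_tls_handshake(buf: bytes, handshake_type: int) -> bool:
    """True if buf starts with a TLS record of content type handshake (0x16),
    legacy version 3.x, whose first message has the given handshake type
    (1 = ClientHello, 2 = ServerHello)."""
    if len(buf) < 6:
        return False
    record_len = int.from_bytes(buf[3:5], "big")
    return (buf[0] == 0x16 and buf[1] == 0x03 and buf[2] <= 0x04
            and record_len >= 4 and buf[5] == handshake_type)


def classify_tcp(client: bytes) -> str:
    """HTTPS on a non-standard port: the very first client bytes are a ClientHello."""
    return "tls" if is_tls_handshake(client, 1) else "plaintext"


# --- SMTP STARTTLS (RFC 3207) --------------------------------------------
STARTTLS_CMD = re.compile(rb"(?im)^STARTTLS\r\n")
REPLY_220 = re.compile(rb"(?m)^220[ -][^\r\n]*\r\n")


def classify_smtp(client: bytes, server: bytes) -> str:
    """'tls' if STARTTLS was issued, answered with 220 and followed by a real
    handshake on both sides; 'downgraded' if STARTTLS was issued but the
    session carried on in clear (e.g. after a 454); 'plaintext' otherwise."""
    cmd = STARTTLS_CMD.search(client)
    if cmd is None:
        return "plaintext"
    # The first 220 line is the greeting banner; the reply to STARTTLS is the
    # last one.  Whatever follows it must be the ServerHello.
    replies = list(REPLY_220.finditer(server))
    server_after = server[replies[-1].end():] if len(replies) >= 2 else b""
    if is_tls_handshake(client[cmd.end():], 1) and is_tls_handshake(server_after, 2):
        return "tls"
    return "downgraded"


# --- LDAP StartTLS (RFC 4511 s4.14) --------------------------------------
LDAP_STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
# ExtendedRequest [APPLICATION 23] (tag 0x77; short-form BER length assumed)
# with requestName [0] (tag 0x80) carrying the StartTLS OID.
LDAP_STARTTLS_REQ = re.compile(
    rb"\x77[\x00-\x7f]\x80" + bytes([len(LDAP_STARTTLS_OID)]) + re.escape(LDAP_STARTTLS_OID))


def classify_ldap(client: bytes) -> str:
    req = LDAP_STARTTLS_REQ.search(client)
    if req is None:
        return "plaintext"
    # The OID is the last element of the request, so the bytes right after it
    # are the next thing the client sent: a ClientHello if StartTLS succeeded.
    return "tls" if is_tls_handshake(client[req.end():], 1) else "downgraded"


# --- Constructed sample streams (not real captures, handshakes truncated) -
CLIENT_HELLO = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03" + b"\x11" * 32
SERVER_HELLO = b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56\x03\x03" + b"\x22" * 32

SMTP_SESSIONS = {  # (client->server stream, server->client stream)
    "upgraded": (
        b"EHLO c.example.net\r\nSTARTTLS\r\n" + CLIENT_HELLO,
        b"220 mx.example.org ESMTP\r\n250-mx.example.org\r\n250 STARTTLS\r\n"
        b"220 2.0.0 Ready to start TLS\r\n" + SERVER_HELLO),
    "ignored_offer": (  # server advertised STARTTLS, client never used it
        b"EHLO c.example.net\r\nMAIL FROM:<a@example.net>\r\nRCPT TO:<b@example.org>\r\n",
        b"220 mx.example.org ESMTP\r\n250-mx.example.org\r\n250 STARTTLS\r\n"
        b"250 2.1.0 Ok\r\n250 2.1.5 Ok\r\n"),
    "fell_back": (  # STARTTLS refused with 454, client carried on in clear
        b"EHLO c.example.net\r\nSTARTTLS\r\nMAIL FROM:<a@example.net>\r\n",
        b"220 mx.example.org ESMTP\r\n250-mx.example.org\r\n250 STARTTLS\r\n"
        b"454 4.7.0 TLS not available due to temporary reason\r\n250 2.1.0 Ok\r\n"),
}

LDAP_STARTTLS_MSG = (b"\x30\x1d\x02\x01\x01"                   # LDAPMessage, messageID 1
                     b"\x77\x18\x80\x16" + LDAP_STARTTLS_OID)   # ExtendedRequest(StartTLS)
LDAP_ANON_BIND = b"\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x03\x04\x00\x80\x00"  # simple bind, clear
LDAP_SESSIONS = {  # client->server stream only; enough for the client-side verdict
    "starttls": LDAP_STARTTLS_MSG + CLIENT_HELLO,
    "starttls_failed": LDAP_STARTTLS_MSG + LDAP_ANON_BIND,
    "clear_bind": LDAP_ANON_BIND,
}


def report() -> dict:
    """Verdict per constructed session; in practice feed this from a pcap."""
    out = {f"smtp/{k}": classify_smtp(*v) for k, v in SMTP_SESSIONS.items()}
    out.update({f"ldap/{k}": classify_ldap(v) for k, v in LDAP_SESSIONS.items()})
    out["tcp/8443"] = classify_tcp(CLIENT_HELLO)
    return out


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:22s} {verdict}")
```

Two caveats for anyone turning this into a real check. The SMTP classifier identifies the server's reply to STARTTLS as the last 220 line in the server stream, which holds for a single STARTTLS attempt but not if the streams are not correlated in time; a gateway doing this inline has the packet order and does not need that shortcut. The LDAP matcher assumes short-form BER lengths (messages under 128 bytes), which is always true for a StartTLS extended request but should be generalised before matching other operations. The "downgraded" verdict is the case a block rule should care about most: the client asked for TLS, did not get it, and sent data anyway.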
Hi,
Thank you for the reply. I needed some time to test it and found that the SMTP over TLS signature doesn't work for me. I found in the 'More Info' section of the 'SMTP over TLS' description that HTTPS Inspection is mandatory for detection, but I cannot enable it due to policy reasons.
So, no luck with SMTP, no luck with LDAP, and no luck with HTTPS, because I'm still on R77.
Anyway, thanks for the suggestions. Any other ideas appreciated.
