Gain insight into SSL/TLS traffic to help maintain compliance with privacy regulations using F5 SSL Orchestrator

The adoption of SSL/TLS has been sped up by regulatory standards such as PCI DSS, HIPAA, and the EU’s General Data Protection Regulation (GDPR), which require that transmitted data be encrypted. Moreover, organizations have been spurred to adopt SSL/TLS by Google search results policy, which gives preferential treatment to sites that encrypt.

However, the rise of SSL/TLS isn’t all good news. Attackers are increasingly hiding insidious attacks within encrypted traffic—which means that the security protocol itself has become a threat vector. Regaining visibility into that encrypted traffic is one of the most important steps you can take to protect your apps, your data, and your business.

The F5 SSL Orchestrator solution aims to solve this SSL/TLS challenge across cloud and on-premises environments. It does this by decrypting the web traffic and centralizing SSL inspection across multiple security devices, thus enabling the detection and blocking of threats previously hidden by encryption. Centralized SSL management lets you manage and enforce security policies to comply with regulatory mandates and rectify any non-compliance within minutes across the entire environment.

This blog demonstrates how to create and enforce a web access policy with SSL Orchestrator that meets the data-compliance requirements of privacy regulations such as GDPR, HIPAA, PCI DSS, and others, while at the same time delivering a comprehensive view of the applications and potential threats contained in encrypted traffic.

Prerequisites:

You must have configured the security service and service chains in the SSL Orchestrator before creating the security policies. Refer to the SSL Orchestrator setup guide for guidance on configuration deployment.

Classifying the Web Traffic

The first step is to identify the web traffic of interest that needs to be monitored. Since SSL Orchestrator is deployed inline and processes all traffic on the wire, it lets you filter web traffic at one central inspection point.

The web classification engine in SSL Orchestrator classifies traffic on context derived from one or more of the following conditions:

  • Source IP/subnet
  • Destination IP/subnet
  • IP intelligence category
  • IP geolocation
  • Host and domain name
  • URL filtering category
  • Destination port
  • Protocol

To classify the web traffic:

  1. In SSL Orchestrator, navigate to the Security Policy tab in the guided configuration.
  2. Click on the Add button to add a policy.
  3. Select a Condition that SSL Orchestrator will use to classify the web traffic.
  4. In this example, we are choosing ‘Category Lookup’ to filter the traffic based on URL categories.

Enforcing the Policy Action

The next step is to enforce the policy action. Before walking through the steps, note the two databases that back the category and IP intelligence conditions:

SSL Orchestrator supplies a URL category database with over 150 URL categories and identifies over 60 million URLs that fit within these categories.

When used in conjunction with the IP Intelligence subscription service, SSL Orchestrator delivers a database of over 1 million malicious Internet addresses to identify botnets, phishing proxies, scanners, and other malicious sources.

To set the policy action:

  1. Enter the URL categories that should be filtered for as part of your policy.
  2. Next, select the policy action from the Action drop-down box. You can choose either Reject or Allow.
  3. Finally, choose the SSL Forward Proxy Action. You can choose either to Bypass or to Intercept the traffic.
  4. Click on the Save button. Click Add again if you would like to create more rules.

Once all the configurations are done, deploy the SSL Orchestrator using the guided configuration.

Test the Security Policy

Test the policy by navigating to any financial company website (say, https://<bank.com>) from a browser on a client system.

  • If you have chosen the policy action to be ‘Reject,’ you will see an HTTP 404 error.
  • If you have chosen the policy action to be ‘Allow’ and SSL forward proxy action as ‘Bypass,’ you will be presented with the bank’s website. When you click on the green padlock in your browser and inspect the certificate, you will see that the site is not intercepted.
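The same check can be scripted from a client behind the inline SSL Orchestrator, so the three outcomes above (Reject, Allow + Bypass, Allow + Intercept) can be verified for many destinations instead of one padlock click. This is an added example, not F5 code; it assumes the forward proxy re-signs intercepted server certificates with an internal CA whose commonName you know (INTERCEPT_CA_CN is a placeholder), and it uses the HTTP 404 behaviour for Reject exactly as described in the post.

```python
import http.client
import ssl

# Placeholder: the CN of the CA that SSL Orchestrator uses to re-sign intercepted
# server certificates. Replace it with your own forward-proxy CA's CN.
INTERCEPT_CA_CN = "Example Corp SSLO Forward Proxy CA"


def issuer_cn(cert: dict) -> str:
    """Pull the issuer commonName out of the dict that ssl.SSLSocket.getpeercert() returns."""
    for rdn in cert.get("issuer", ()):
        for attr_type, value in rdn:
            if attr_type == "commonName":
                return value
    return ""


def classify(cert: dict, status: int, intercept_ca_cn: str = INTERCEPT_CA_CN) -> str:
    """Map the observed leaf certificate and HTTP status onto the policy outcome."""
    if status == 404:            # the Reject action answers with HTTP 404 (per the post)
        return "rejected"
    if issuer_cn(cert) == intercept_ca_cn:
        return "intercepted"     # re-signed by the forward proxy: Allow + Intercept
    return "bypassed"            # original server cert reached the client: Allow + Bypass


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect through the inline SSL Orchestrator and report how the policy treated host."""
    conn = http.client.HTTPSConnection(host, port, timeout=timeout,
                                       context=ssl.create_default_context())
    try:
        conn.connect()                      # read the cert before a response can close the socket
        cert = conn.sock.getpeercert()
        conn.request("GET", "/")
        return classify(cert, conn.getresponse().status)
    except ssl.SSLCertVerificationError:
        return "intercepted-untrusted"      # re-signed by a CA this client does not trust
    except (OSError, http.client.HTTPException):
        return "rejected"                   # connection refused/reset or no usable response
    finally:
        conn.close()


# Constructed sample certificates in getpeercert() format, for offline demonstration only.
SAMPLE_BYPASSED = {"subject": ((("commonName", "bank.example"),),),
                   "issuer": ((("organizationName", "Public CA Inc"),), (("commonName", "Public CA R3"),))}
SAMPLE_INTERCEPTED = {"subject": ((("commonName", "bank.example"),),),
                      "issuer": ((("commonName", INTERCEPT_CA_CN),),)}

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else classify(SAMPLE_INTERCEPTED, 200))
```

Run it with a hostname argument from a managed client (where the forward-proxy CA is in the trust store) to see "rejected", "intercepted" or "bypassed" for that destination; "intercepted-untrusted" means the re-signing CA is not trusted by this client and the session would have failed in a browser too.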

Conclusion

Complying with regulatory standards is crucial to protect your business and users; however, understanding and implementing the regulatory guidelines is a laborious process. Often, achieving that goal requires deploying and managing several different types of devices. The F5 SSL Orchestrator enables your organization to understand the threats hidden in web traffic and to centralize policy enforcement, protecting your IT infrastructure and satisfying various regulatory requirements.

Published Oct 22, 2020
Version 1.0