NPB Virtual Packet Broker Support SSL And TLS Protocol Simplified Network Upgrades

NPB Packet Broker Support SSL and TLS Protocol Simplified Network Upgrades

Background

In the early days of accessing the web, we used the HTTP protocol, which used clear text when transferring data. Clear text transfer brought the following risks:

1. Information interception risk, and the third party can obtain the communication content

2. Risk of information tampering. The third party may tamper with the content of the communication

3. Identity impersonation risk. The third party can impersonate the identity of others to participate in the communication

To address the risks of plaintext transmission, netscape designed SSL for the Web as a secure transport protocol in 1994, which is the origin of SSL.The IETF standardized SSL and published the first edition of the TLS standard document in 1999.This was followed by RFC 5246 (August 2008) and RFC 6176 (March 2011).This protocol is widely used in the web.

Your network is under Attack? The Mainstreaming of Cybercrime happen everyday.

Take control and solve problems faster; 

Experience Next Generation Visibility and Troubleshooting; 

Achieving Service Assurance across Multi-Cloud Environments;

Smart Security is Here!

Contact our team today, see what the others can't, let's be a partner, we are here to accelerate Your NFV Journey!

SSL/TLS Protocol

TLS (Transport Layer Security) and its predecessor, SSL (Secure Sockets Layer), are Security protocols designed to provide Security and data integrity for Internet communications.

The TLS protocol USES the following three mechanisms to provide secure transmission for information communication:

1. Confidentiality. All communication is transmitted through encryption

2. Identity authentication shall be conducted through certificates

3. reliability, through the verification of data integrity to maintain a reliable security connection

Working Mechanism:

The TLS protocol consists of two parts, including (TLS Record Layer,TLS handshake protocol)

Record Layer:

Provide a header for each Message and generate a hash value from Message Authentication Code (MAC) at the end, where the header consists of 5 bytes, namely protocol description (1bytes), protocol version (2bytes) and length (2bytes). The length of protocol information following the header shall not exceed 16384bytes.

Handshake Protocol:

Starting a secure connection requires the client and server to repeatedly establish a handshake.A

TLS handshake goes through the following steps:

The SSL Handshake Protocol goes through the following steps:

3. Typical Application Structures

• Network Traffic desensitization(Data Masking) Application Deployment(as following)

The deployment of the network packet broker desensitization(data masking) application is shown above. For traffic in the network, there may be sensitive information such as card number and id number at the net data load. Users worry about data leakage by the back-end analysis system, causing unnecessary problems. Users can desensitize the traffic and then output to the back-end analysis system.This application USES the network packet broker to desensitization(mask) replacement of sensitive information, such as id card number or other sensitive information values (such as Card No 5101061....) output after replacement, the network packet broker support the rules of the regular expression matching keywords, to replace any key fields within the original data, shielding sensitive information, in order to achieve output can be determined according to the user to configure the implementation flow strategy.

NT-FTAP-32QCX Network TAP NPB.pdf