What is the Transport Layer Security Inspection?
Transport Layer Security Inspection (TLSI) or TLS break and inspect, is a security measure that involves decrypting traffic, inspecting decrypted content, and encrypting the traffic again before it enters or leaves the network.
This process involves proxy devices, firewalls, and intrusion detection or prevention systems (IDS/IPS).
Risks involved with TLSI
Although TLSI is useful for monitoring potential threats, it also brings with it multiple risk factors.
Apart from this, certain countries have laws governing TLSI capabilities in enterprises. Before implementing TLSI, organizations must be aware of the requirements and compliances mandated by law.
What does the advisory say?
The advisory begins by exploring what TLSI is and goes on to describe the several risks associated. Apart from this, it also provides mitigation measures enterprises can take to prevent these risks.
“To minimize the risks described above, breaking and inspecting TLS traffic should only be conducted once within the enterprise network. Redundant TLSI, wherein a client-server traffic flow is decrypted, inspected, and re-encrypted by one forward proxy and is then forwarded to a second forward proxy for more of the same, should not be performed,” reads the advisory.
Publisher