During a recent security audit, an analyst discovers that encrypted traffic is passing through the organization's firewall without inspection, potentially allowing harmful content to go undetected. Which of the following should the organization implement to address this security gap?
Configuration of HTTPS deep packet inspection rules
The correct answer is 'SSL decryption policies on the firewall'. SSL inspection involves decrypting, inspecting, and re-encrypting SSL/TLS encrypted traffic as it passes through a security gateway or firewall. By implementing SSL decryption policies on the firewall, the organization can examine the content of encrypted traffic for potential threats, ensuring that harmful content is not missed due to encryption. This is especially critical as attackers could use encryption to mask malicious activities. 'URL filtering' is incorrect because it does not decrypt traffic but rather filters it based on URLs against a database of categorized websites. 'Application control policies' are incorrect because they manage application usage rather than inspect encrypted content. 'HTTPS deep packet inspection rules' is a misleading answer as deep packet inspection implies a thorough examination of data, but without proper SSL decryption, it cannot inspect encrypted HTTPS traffic.