Decrypting Decryption (Episode 24) Learning Happy Hour

Подписаться 35 тыс.

Просмотров 20 тыс.

50% 1

Have you ever wondered how Secure Socket Layer (SSL) works? Have you ever been perplexed about what a Client Hello or a Server Hello is? Or do you want to really understand how a Next-Generation Firewall (NGFW) performs decryption? Then this episode is for you! Shakti will be your decryption mentor by showing exactly how the process of SSL Forward Proxy decryption happens!
Episode Feedback: learninghappyhour@paloaltonetworks.com
Episode Resources:
• LIVEcommunity guides to understand and implement SSL Decryption = live.paloalton...
• The need for decryption = transparencyre...
• Admin Guide to implement SSL Decryption = docs.paloalton...
• Day in the Life of a Packet = knowledgebase....
• Browser Certificate Stores and Root Trust = certsimple.com...
• Decryption Best Practices = docs.paloalton...
• BPA (Best Practice Assessment = www.paloaltone...
• Best Practice Assessment for NGFW and Panorama = www.paloaltone...

Опубликовано:

14 окт 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 52

@cathyn137 5 лет назад

I was struggling to understand the concept until I watched this video. Thank you!!

@ashokreddyb7867 4 года назад

It's just awesome. The way he elucidated is like spoon feeding. He hammered impervious brains which don't allow cryptographic stuff easily with his explanation. Great stuff. Kudos to all of you.

@popz2049 3 года назад

Shakti's the best trainer I've had hands down!

@PaloAltoNetworksLiveCommunity 3 года назад

Great to hear. We will share this feedback with him!

@mursalqaiser4779 2 года назад

Say Hi to Shakti and give special thanks to him. I really really like way of teaching and he did not leave any ambiguity. I am very thankful to him.

@d5sturbed 4 года назад

this is super awesome! i was really struggling to get the whole SSL handshake idea in my head but this is just totally spot on! Subscribed.

@imshrikantdesai Год назад

Superb... Each and every process is very nicely explained. This will definitely help beginners to understand the details of DPI transactions.

@gopibanjare9620 2 года назад

Great explanation!! Clear understanding of this concept. Thank you guys

@PaloAltoNetworksLiveCommunity 2 года назад

Hi gopi, thanks for your feedback ! Glad to hear you found it useful !

@gopibanjare9620 2 года назад

I would like to request you please make video on life of packet in detail. Thank you!

@augustbernard3396 2 года назад

Best explanation of decryption I’ve seen! Thank you so much!

@saqarif 3 года назад

Hi, Shakti, You explained it tremendously. Now, The certifications' handshaking is in my mind in the decryption stage. :)

@johnmanufan 4 года назад

Absolutely brilliant video, thanks very much

@5Incognito 3 года назад

I was about to give up on changing my career, reading isn't informative and concepts are really hard for someone with no background, but BIG THANKS to your effort and organized explanation, that was really detailed. I respect your side comments and notes about stuff that takes place like NATTING and other things you mentioned, I wish you could have included them explained but I guess the video then will be quite longer.

@PaloAltoNetworksLiveCommunity 3 года назад

Thanks for sharing such positive feedback! We are glad this video helped you. If you want to learn more, we encourage you to check out the LIVEcommunity page for more great information: live.paloaltonetworks.com

@joseluisquintero4076 2 года назад

Great Explanation!

@odhiyah6167 5 лет назад

Just cemented what I learned before, Thank you

@PaloAltoNetworksLiveCommunity 5 лет назад

That's great to hear!

@richardege7037 2 года назад

Excellent presentation...

@bain6514 4 года назад

Brilliant Explanation. Thank you.

@PaloAltoNetworksLiveCommunity 4 года назад

You are welcome!

@jucelinodosreis 2 года назад

thank you for sharing

@20kaif 4 года назад

you explained concept really well..Thanks

@PaloAltoNetworksLiveCommunity 4 года назад

Thank you for the positive feedback! Check out the LIVEcommunity page for more great info: live.paloaltonetworks.com

@tonytshoot567 5 лет назад

Well presented! Great job!

@kanakashriyakrishnamoorthy8821 Год назад

Does decryption happen for each payload that is being sent for a single stream of TCP ?

@networksecurity778 2 года назад

This lecture does give any training courses ?

@PramodYadav-fp2dj Год назад

I have a query, why can't we global signed CA for SSL decryption?

@scolpi73 4 года назад

Thank you, a very clear explanation.

@ashokreddyb7867 4 года назад

One small request... You have made everything clear and left remnant portion. Would be great if you could explain how session key or session id is created. Thanks in advance

@novakonstant 5 лет назад

Excellent explanation.

@handerohan8979 3 года назад

Great explanation... really appreciate it the way its explained... one thing i would like to know that about clear text... in between two session there will be clear text data on forward proxy. Is it mean that data is in read format for system or network admin ?

@PaloAltoNetworksLiveCommunity 3 года назад

Hi, decrypted traffic does not leave the next-generation firewall, and inspection of traffic to prevent threats takes place within the firewall. This preserves TLS’s promises of confidentiality and integrity. Source: www.paloaltonetworks.com/resources/whitepapers/decryption-why-where-and-how

@handerohan8979 3 года назад

@@PaloAltoNetworksLiveCommunity Thanks for taking time to response .. i agreed with examination that clear text traffic dosen't leave firewall but it easy to admin to tap or mirror port and read the clear text format ? Such for confidential data like banking & financial website. ?

@austinaaron7018 9 месяцев назад

How will diffie helman key exchange fit in to this?

@sriramp6952 5 лет назад

Excellent... Please plan the deep dive video for Packet flow as well.

@PaloAltoNetworksLiveCommunity 5 лет назад

Sriram, we think you are gonna love episode 26 😉

@skhaiderali786 4 года назад

very well explained

@sumitnick4 Год назад

Key usage explained is inaccurate. Client_write_key, server_write_key are used in each direction for encryption and decryption

@vivekprajapati7911 5 лет назад

great thanks sir more videos on different topics.

@PaloAltoNetworksLiveCommunity 5 лет назад

Please feel free to subscribe to our channel as we produce videos regularly, thanks for watching!

@giridharradhakrishnan5816 3 года назад

Why do we need to create an Untrusted CA (19:38)? Why should the firewall allow connections from server with untrusted CA? Can someone explain?

@aimanrashid3449 2 года назад

If the server doesn't have a trusted CA, it is your choice to either pass or block the session. Not only this, but also PA supports that if the server certificate doesn't support specific ciphers or keys etc. you can block the sessions. So, its not necessary to pass the session back to the client. Now, in some cases, customers need to pass the server sessions back to clients even if certificate is untrusted. In this case, imagine proxy (PA) signs the certificate with its Forward trust certificate then the client would ALWAYS trust the server. To let the client know that server has untrusted cert, the untrust CA is used to generate the untrust cert. Hope this answers your query.

@mkbysmk 3 года назад

Can't you convert it to the Full HD, please? Thanks in advance :)

@ChillWill9311 5 лет назад

Excellent !

@MOHDBILAL-ed2xy 3 года назад

👌

@umbrellageeks9421 4 года назад

awesome!!

@arian7472 3 года назад

if FW break the communication into two sessions why it can't decrypt the DHE key exchange

@kadheimcooper4606 3 года назад

DHE doesn’t use certificates, it’s a completely different algorithm that’s purely on mathematical computation.

@balachandarsivasamy7958 5 лет назад

Great 👍

@nxu5107 2 года назад

I think you lost me as soon as you started talking about the Root CA. Is there a video that quickly but clearly explain the steps that are required to do SSL decryption on a PA firewall Please ...please please... just the steps and a brief description as to why. While this video is good to understand the infrastructure and the process and etc etc., we need quick solutions.. as admins we hardly have time to sit and listen to PhD thesis. Sorry.