2 Replies Latest reply on Aug 8, 2016 11:50 AM by hhoang

    Could HDLP Network Communication Rule inspect encrypted traffic?

    veronica_yy

      Hi,

      We have HDLP v9.4.2 and would like to create a network communication rule to detect data in a few different network protocols. Does it matter if the protocol is encrypted? e.g. https, sftp, Skype, etc.

       

      Cheers,

      Veronica

        • 1. Re: Could HDLP Network Communication Rule inspect encrypted traffic?
          nicholas.klebs

          For this discussion - nothing can inspect the content of encrypted network traffic.

          To inspect the content requires the network traffic to be in plain text.

           

          Now - whether or not HDLP can help inspect data transferred from a workstation to a resource over an encrypted channel depends on how the Network Communication Protection functionality works.

          If it is actually inspecting the content of the network communication, then no it can't inspect the data.

          If the NCP Rule is detecting that an encrypted network channel is open to a resource by an application, and inspecting any files that the application is opening/reading, then yes it can inspect the data (because the data is still plain text and hasn't been sent via encrypted network channel).

           

          Anyone know technically how the NCP Rule works - does it "detect" an open channel to a network resource and monitor the application - or is it actually monitoring the data transferred via the network?

          • 2. Re: Could HDLP Network Communication Rule inspect encrypted traffic?
            hhoang

            Nicholas,

             

            You are correct. HDLP analyzes the network packet and is unable to inspect encrypted traffic.
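
The two inspection points discussed in this thread, as an added illustration that is not part of any post and is not HDLP code or a statement of how HDLP works: one content rule (a hypothetical Luhn-checked card-number pattern) is run on a constructed buffer as an application would read it, and again on the same bytes after encryption. `toy_encrypt`, the key and the sample data are assumptions made for the example; the cipher is only a stand-in for TLS/SSH channel encryption.

```python
import hashlib
import re

# Candidate card numbers: 13-16 digits, optionally separated by space or hyphen.
CARD_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(payload: bytes) -> list:
    """Content rule: return Luhn-valid card numbers seen in a byte buffer."""
    hits = []
    for m in CARD_RE.finditer(payload):
        digits = re.sub(rb"\D", b"", m.group()).decode()
        if luhn_ok(digits):
            hits.append(digits)
    return hits

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for channel encryption (SHA-256 counter keystream XOR).
    Illustration only: not TLS/SSH and not for real use."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample: file content an application reads, then uploads.
FILE_CONTENT = b"name=Test User&card=4111 1111 1111 1111&note=constructed sample\n"
ON_THE_WIRE = toy_encrypt(b"constructed-session-key", FILE_CONTENT)

def inspect_both_points() -> dict:
    """Run the same rule at the file-read point and at the packet level."""
    return {"file_read": find_cards(FILE_CONTENT),
            "packet": find_cards(ON_THE_WIRE)}

if __name__ == "__main__":
    print(inspect_both_points())
```

The rule matches only where the bytes are still plain text, which is why inspecting encrypted protocols requires visibility before encryption or after decryption.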