This document seems worrying:
Deep Packet Inspection of Secure Socket Layer (DPI-SSL) extends SonicWALL’s Deep Packet Inspection technology to allow for the inspection of encrypted HTTPS traffic and other SSL-based traffic.
The SSL traffic is decrypted transparently, scanned for threats and then re-encrypted and sent along to its destination if no threats or vulnerabilities are found. DPI-SSL provides additional security, application control, and data leakage prevention for analyzing encrypted HTTPS and other SSL-based traffic.
http://www.sonicwall.com/downloads/S...ure_Module.pdf
Although not entirely clear, it looks like a kind of Man in the middle attack is performed in order to "inspect" SSL encrypted traffic:
After the appliance performs DPI-SSL inspection, it re-writes the certificate sent by the remote server and signs this newly generated certificate with the certificate specified in the Client DPI-SSL configuration.
By default, this is the SonicWALL certificate authority (CA) certificate, or a different certificate can be specified.
I wonder if VPNs (e.g. OpenVPN) are threatened by this technology.
(Probably not if the certificates are shared by postal service or by other means than an internet connection.)
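
The quoted documentation says the appliance sends the client a newly generated certificate in place of the server's own, so a client that holds a fingerprint of the real certificate obtained out of band can notice the substitution. The following is an added example, not part of the original post or of SonicWALL's documentation; the function names and the sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded leaf certificates (not real certificates).
ORIGIN_DER = b"constructed-origin-leaf-certificate"
REISSUED_DER = b"constructed-appliance-reissued-leaf-certificate"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def is_rewritten(presented_der: bytes, pinned_fp: str) -> bool:
    """True when the presented leaf is not the certificate that was pinned.

    Accepts pins written as plain hex or as colon-separated upper-case hex.
    """
    normalized = pinned_fp.replace(":", "").strip().lower()
    return not hmac.compare_digest(fingerprint(presented_der), normalized)


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate bytes the network path actually presents.

    Chain validation is switched off only so that a certificate signed by an
    unknown inspection CA can still be retrieved for comparison. The pin is
    the trust decision; this socket must never carry application data.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_host(host: str, pinned_fp: str, port: int = 443) -> str:
    """Compare what the path presents for host against the out-of-band pin."""
    rewritten = is_rewritten(fetch_leaf_der(host, port), pinned_fp)
    return "certificate replaced in transit" if rewritten else "pin matches"


if __name__ == "__main__":
    pin = fingerprint(ORIGIN_DER)           # recorded on a trusted network
    print(is_rewritten(ORIGIN_DER, pin))    # direct path
    print(is_rewritten(REISSUED_DER, pin))  # path through an inspecting proxy
```

A legitimate certificate renewal also changes the fingerprint, so a mismatch means "not the certificate that was pinned" and the pin has to be refreshed through the same out-of-band channel.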