Deep Packet Inspection and HTTPS

I noticed that Deep Packet Inspection was listed as a feature for the router.  Is the Core's DPI effective for HTTPS traffic going through the router?  Just curious as HTTPS is becoming increasingly common and my understanding has been that DPI is not effective when payloads are encrypted.  Thanks!

Replies


Re: Deep Packet Inspection and HTTPS

I'd like to expand the scope of the OP's question a bit further...

Also of interest (to me) is the Core's effective DPI capabilities when it comes to dealing with various popularly-utilized encrypted email server transaction protocols (e.g. SSL, TLS, STARTTLS, Exchange, etc...)

Also of interest (again, to me) would be learning of its DPI effectiveness when working with VPN tunneling protocols...

Best regards


Re: Deep Packet Inspection and HTTPS

I cannot state anything definitive, but if a packet is encrypted, what could be found in any inspection of the data packet? It would all be gibberish. 

I have searched online and asked a networking-knowledgeable colleague and could not find any useful information on this.

Things happen. Export/Backup your Norton Password Manager data.

Re: Deep Packet Inspection and HTTPS

It's possible that the installed Norton could compromise the session key for the router, or that the router doesn't deal with those kinds of things.

I'm still not totally sure how the Norton software currently deals with SSL/TLS connections in the browser (injection most likely). Some people were saying that didn't even work right. At least they aren't inserting self-signed certs into the root store like some other vendors, that's just bad.


Re: Deep Packet Inspection and HTTPS

In looking at the release notes for Norton Core, it seems apparent that HTTPS traffic is not inspected.  There is a discussion of speed tests run with Norton Core showing slower internet speeds than expected, and the cause is the HTTP traffic being slowed due to the deep packet inspection.  One of the suggested workarounds is to use a speed test site that uses the HTTPS protocol so that the DPI is avoided.

Speed test apps and websites from the connected devices may show slower speed results on Norton Core than when connected to another router, or when compared to speed test run from the Norton Core app.

This is because Norton Core inspects all unencrypted network traffic to protect against malicious content.

Perform the speed test with the Network Inspection feature turned off. Navigate to Settings > Security > Network Inspection > tap Off. Make sure that this setting changed to Normal or Advanced immediately after performing the test.

Alternatively, test with other speed test apps or websites (for example, fast.com from Netflix) that are either encrypted (use the HTTPS protocol) or rated by WebPulse as Very Safe - Leans Safe.

If the URL or IP address that the speed test app or website connects to is not rated by WebPulse as Very Safe - Leans Safe, Norton Core performs deep packet inspection (DPI) to protect against malicious content.

Currently, the maximum inspected speed on Norton Core is around 70 Mbps. This will improve in future releases.

https://support.norton.com/sp/en/us/norton-core-security/current/solutio...


Re: Deep Packet Inspection and HTTPS

SendOfJive:

In looking at the release notes for Norton Core, it seems apparent that HTTPS traffic is not inspected.  There is a discussion of speed tests run with Norton Core showing slower internet speeds than expected, and the cause is the HTTP traffic being slowed due to the deep packet inspection.  One of the suggested workarounds is to use a speed test site that uses the HTTPS protocol so that the DPI is avoided.

Speed test apps and websites from the connected devices may show slower speed results on Norton Core than when connected to another router, or when compared to speed test run from the Norton Core app.

This is because Norton Core inspects all unencrypted network traffic to protect against malicious content.

Perform the speed test with the Network Inspection feature turned off. Navigate to Settings > Security > Network Inspection > tap Off. Make sure that this setting changed to Normal or Advanced immediately after performing the test.

Alternatively, test with other speed test apps or websites (for example, fast.com from Netflix) that are either encrypted (use the HTTPS protocol) or rated by WebPulse as Very Safe - Leans Safe.

If the URL or IP address that the speed test app or website connects to is not rated by WebPulse as Very Safe - Leans Safe, Norton Core performs deep packet inspection (DPI) to protect against malicious content.

Currently, the maximum inspected speed on Norton Core is around 70 Mbps. This will improve in future releases.

https://support.norton.com/sp/en/us/norton-core-security/current/solutio...

Thanks for the info SOJ,

FWIW my own intended use for the Core will be as a very cost-effective DPI-enhanced host interface for my upcoming planned IoT device additions. The Core will itself be set up as a constrained Guest on my primary managed network. It'll be placed within its own isolated VLAN (and bridged only to the WAN-side BB service). Thanks to this (planned) topology, the Core's DPI overhead is (for me) very acceptable, even as it currently stands (note that my current guaranteed ISP provided bandwidth is 350x50 Mbps). And since I'm quite comfortable with the "as is" topology and security provisions of my existing infrastructure, I feel that the Core is going to serve very well as the added IoT management/security/interface that I've been hunting for...

Cheers!
