GigaSMART Passive SSL Decryption

GigaVUE H Series nodes support Secure Sockets Layer (SSL) decryption. SSL is a cryptographic protocol that adds confidentiality and integrity to TCP/IP communications such as Web browsing and email. The protocol allows the transmission of protected data between a server and a client that hold the keys needed to decode the transmission and the certificates needed to verify trust between them. Passive SSL decryption delivers the decrypted traffic to out-of-band tools, which can then detect threats entering the network.

Passive SSL decryption is a pillar of the GigaSECURE Security Delivery Platform. For an overview of GigaSECURE, refer to GigaSECURE Security Delivery Platform.

On GigaVUE H Series nodes, GigaSMART line cards or modules perform the decryption of SSL traffic. Using GigaSMART for decryption offloads the decryption function from the tools and improves tool performance by removing this computationally intensive task from them. GigaSMART provides a centralized decryption point. Decrypted SSL traffic can be sent from GigaSMART to inspection tools for further analysis, for example, to inspect communications that were encrypted on the wire or to detect malware.

Before SSL traffic is decrypted, the de-duplication GigaSMART operation can be performed. Decrypted traffic from the GigaSMART line card or module can be filtered, aggregated, and replicated and then sent to one or more monitoring tools for analysis.

Passive SSL decryption is supported on the following GigaVUE H Series products with GigaSMART line cards or modules installed:

■   GigaVUE‑HC3
■   GigaVUE‑HC2
■   GigaVUE‑HC1

Use Passive SSL decryption on the GigaSMART line card or module with passive or offline traffic. Tap the traffic to and from a server and pass it to the GigaVUE H Series node with the GigaSMART line card or module. The decryption is keyed from the server's private key, which you must make available to GigaSMART (or to the HSM described below). A practitioner caveat: a private key lets a passive observer recover the session keys only when the session was negotiated with RSA key exchange; sessions that use ephemeral Diffie-Hellman (DHE or ECDHE cipher suites, and all of TLS 1.3) derive their keys from values that never appear on the wire, so they cannot be decrypted passively and need the inline approach instead.
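The following is an added example, not Gigamon's own code and not part of the original page. Before pointing a passive decryptor at a tapped server, a practitioner wants to confirm that the server's sessions are actually recoverable from its private key. The script parses a captured TLS ServerHello record, reads the negotiated cipher suite, and reports whether a passive decryptor holding only the server's private key can decrypt the session (RSA key exchange) or not (DHE, ECDHE, TLS 1.3). It then shows the TLS 1.2 master-secret derivation (RFC 5246, section 8.1) that such a decryptor performs once it has recovered the premaster secret with the private key. The cipher suite IDs are real IANA values, but the table is deliberately a small subset; the ServerHello bytes, the random values and the premaster secret are constructed test data, not a real capture.

```python
"""Added example (not Gigamon code): check a captured ServerHello for passive
decryptability and show the TLS 1.2 master-secret derivation (RFC 5246)."""
import hashlib
import hmac
import struct

# Subset of IANA cipher suite IDs (real values; table is illustrative, not exhaustive).
# "RSA": premaster secret is encrypted to the server's RSA key, so the private key
# recovers it. "DHE"/"ECDHE"/"TLS1.3": ephemeral key agreement, private key alone
# cannot recover the session keys.
CIPHER_SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x009C: ("TLS_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0x009D: ("TLS_RSA_WITH_AES_256_GCM_SHA384", "RSA"),
    0x009E: ("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256", "DHE"),
    0xC02B: ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "ECDHE"),
    0xC030: ("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "ECDHE"),
    0x1301: ("TLS_AES_128_GCM_SHA256", "TLS1.3"),
    0x1302: ("TLS_AES_256_GCM_SHA384", "TLS1.3"),
}


def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello; return version, random and suite."""
    if len(record) < 5 or record[0] != 0x16:          # content type 22 = handshake
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    if body[0] != 0x02:                                # handshake type 2 = ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")
    version = struct.unpack("!H", hello[0:2])[0]
    server_random = hello[2:34]                        # 32-byte ServerHello.random
    sid_len = hello[34]
    pos = 35 + sid_len                                 # skip session_id
    suite = struct.unpack("!H", hello[pos:pos + 2])[0]
    return {"version": version, "random": server_random, "cipher_suite": suite}


def passively_decryptable(record: bytes) -> tuple:
    """Return (suite name, True if the server private key alone decrypts the session).
    Unknown suites are reported as not decryptable (conservative default)."""
    info = parse_server_hello(record)
    name, kx = CIPHER_SUITES.get(info["cipher_suite"], ("unknown", "unknown"))
    return name, kx == "RSA"


def _p_sha256(secret: bytes, seed: bytes, length: bytes) -> bytes:
    """P_SHA256 data expansion from RFC 5246 section 5."""
    out, a = b"", seed                                 # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47]. This is what the passive
    decryptor computes after recovering the premaster with the server's private key."""
    return _p_sha256(premaster, b"master secret" + client_random + server_random, 48)


def build_server_hello(suite: int, server_random: bytes) -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (constructed test data)."""
    hello = b"\x03\x03" + server_random + b"\x00" + struct.pack("!H", suite) + b"\x00"
    body = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(body)) + body


if __name__ == "__main__":
    srv_rand = bytes(range(32))                        # constructed randoms
    cli_rand = bytes(range(32, 64))
    for suite in (0x009C, 0xC02F, 0x1301):
        name, ok = passively_decryptable(build_server_hello(suite, srv_rand))
        print(f"{name}: {'decryptable' if ok else 'NOT decryptable'} with server private key only")
    # RSA case: premaster (constructed here; 0x0303 version prefix + 46 random bytes
    # in real TLS) has been recovered with the private key, so derive the master secret.
    premaster = b"\x03\x03" + bytes(46)
    print("master secret:", master_secret(premaster, cli_rand, srv_rand).hex())
```

In practice, feed `passively_decryptable` the ServerHello record from a packet capture of the tapped server; a result of `False` for every session means the server only offers forward-secret suites and the tap will yield nothing useful to a passive decryptor, regardless of which private key is loaded.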

Passive SSL decryption operations can be assigned to GigaSMART groups consisting of multiple engine ports. Refer to Groups of GigaSMART Engine Ports for details.

For secure storage of private keys, Entrust nShield Hardware Security Module (HSM) is integrated with Passive SSL decryption. Refer to Entrust nShield HSM for SSL Decryption for Out-of-Band Tools for details.

Gigamon also offers inline SSL decryption, which inspects SSL encrypted traffic inline. Refer to Inline SSL Decryption for details.

Configuring Passive SSL Decryption Examples

The following sections provide examples of SSL decryption. Refer to the following:

■   Example 1: SSL Decryption with a Regular Map on page 613
■   Example 2: SSL Decryption with De-duplication on page 615
■   Other Usage Examples on page 615