Quote:
Originally Posted by Broadbandings
Then they throttle flows going to those VPN endpoints.
SSL is a protocol and what's inside the SSL can't be read unless you proxy the SSL connection and terminate it on the appliance. Secure Sockets Layer - what's running on top of the SSL tunnel can be anything and the ISP is none the wiser, so they throttle based on source address, the Giganews FEPs.
VPN is completely secure so long as the encryption is set up appropriately; however, as mentioned above, you don't need to know what's in the VPN to be able to throttle.
It's not been the case for a long time now, at least for any and all plain text inside the SSL tunnel datastreams and the right kit, but you seem to already understand this point yet skip over it!? But no matter, it's still interesting to other readers of the thread later, perhaps.
This is a so-called "Man In The Middle attack" built directly into industrial ISP-grade hardware that businesses and well-funded criminal outfits can purchase off the shelf today and pay an ISP tech to plug in, for instance.
Ohh, it seems that later in the thread you concentrate on full decryption of the tunnel, whereas for the purposes of this thread and the reality of why VM and the DPI vendors are doing this is to get just enough information from your encrypted datastream to use it in whatever manner they choose to increase their profit margins at the end users' expense... and without regard to the legal or political implications that might bring in the future from their actions.
And by "to close the security loophole that SSL creates" they obviously mean that without this kit they couldn't see much, if any, of your unique datastream property to profit from its processing...
http://www.intelcommsalliance.com/ks...04daf53086f015
"
Netronome SSL Inspector Transparent SSL Proxy
The Netronome SSL Inspector, the industry's highest-performance transparent SSL proxy, enables network security applications to access the clear text in SSL-encrypted connections and has been designed for security and network appliance manufacturers, enterprise IT organizations and system integrators. Without compromising any aspect of enterprise- or government-regulated compliance, the SSL Inspector allows network appliances to be deployed with the highest levels of flow analysis while still maintaining multi-gigabit line-rate network performance.
The SSL Inspector's unique combination of capabilities removes the risks arising from the lack of visibility into SSL traffic while simultaneously increasing the performance of security and network appliances.
The SSL Inspector Appliance provides existing sniffing (IDS) and filtering (IPS) security appliances with access to the decrypted plaintext of SSL flows. This equips network appliance manufacturers with a mechanism to provide their security applications with visibility into both SSL and non-SSL network traffic, increase their application performance and avoid becoming the source of reduced network throughput. This also allows end-users to add SSL Inspection capabilities to their network security architecture immediately to close the security loophole that SSL creates.
The SSL Inspector is also available in a standard development kit that provides the industry's only open application programming interface.
..."