What is DPI-SSL, and do I need to use it on my K-12 network? DPI-SSL adds another layer of firewall protection that deeply inspects SSL traffic, which is where viruses and ransomware tend to travel.
Students, staff and guests communicate constantly while on your school Internet connection. Connections and traffic vary in type, but can generally be categorized and viewed through your firewall. Types of traffic we commonly see on a K-12 network:
- UDP – stateless traffic such as surveillance camera feeds
- HTTP – miscellaneous non-secure websites – could be news sites, informational sites
- HTTPS – miscellaneous secure websites – could be Google Apps or similar sites
Most firewalls can break this traffic down further and show you which traffic is going to Facebook, Netflix, or Google services. However, many firewalls currently in use cannot tell you what is going on inside that traffic. Did someone share a malicious file or link? Is the content appropriate for students?
Even relatively new firewalls are increasingly falling behind in the traffic inspection game; they may not be sized properly or have the necessary technology to provide deep packet inspection. Services like YouTube and Google searches, which are delivered over HTTPS, may circumvent firewall rules if the firewall is unable to inspect HTTPS traffic. While YouTube does provide options for limiting available videos by category or rating, some firewalls cannot enforce these rules because they cannot inspect the HTTPS connection that YouTube uses.
Using existing firewall analytics, we took a closer look at the traffic running on the networks of our current K-12 clients. On average, 60% of network traffic at the schools we polled was HTTPS traffic. If the school is not using DPI-SSL, this means that 60% of the traffic is traveling encrypted and uninspected.
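To run the same measurement on your own network, the added example below (not from the original article and not SonicWall code) summarizes exported flow records by traffic type and reports how much HTTPS traffic crossed the firewall without being decrypted. The CSV columns, the `inspected` flag and the hostnames are constructed assumptions, not a real firewall export format.

```python
import csv
import io
from collections import Counter

# Constructed sample flow records (assumed layout, not a real firewall export).
# "inspected" is an assumed column: "yes" when the firewall decrypted and scanned the flow.
SAMPLE_FLOWS = """proto,dst_port,dst_host,bytes,inspected
tcp,443,docs.example.edu,4000,no
tcp,443,video.example.com,2000,no
tcp,80,news.example.org,2500,yes
udp,554,camera-01.example.lan,1500,no
"""

def classify(proto, port):
    """Map a flow to the traffic types listed in the article."""
    if proto == "tcp" and port == 443:
        return "HTTPS"
    if proto == "tcp" and port == 80:
        return "HTTP"
    if proto == "udp":
        return "UDP"
    return "OTHER"

def summarize(flow_csv):
    """Return byte share per traffic type plus the HTTPS bytes that were never decrypted."""
    by_type = Counter()
    blind_hosts = Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            size = int(row["bytes"])
            kind = classify(row["proto"].strip().lower(), int(row["dst_port"]))
        except (KeyError, ValueError, AttributeError, TypeError):
            continue  # skip malformed or truncated records
        by_type[kind] += size
        # HTTPS that was not decrypted is the firewall's blind spot.
        if kind == "HTTPS" and (row.get("inspected") or "").strip().lower() != "yes":
            blind_hosts[row["dst_host"]] += size
    total = sum(by_type.values())
    if total == 0:
        return {"shares": {}, "blind_share": 0.0, "top_blind": []}
    return {
        "shares": {k: round(100 * v / total, 1) for k, v in by_type.items()},
        "blind_share": round(100 * sum(blind_hosts.values()) / total, 1),
        "top_blind": blind_hosts.most_common(5),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
```

The `top_blind` list shows which destinations carry the most uninspected encrypted traffic, which is a useful starting point when sizing a firewall for DPI-SSL.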
In general terms, HTTPS traffic is encrypted traffic. For example, Google Apps works within encrypted traffic, as users must log in to a secure website to interact with Google Apps data. Shopping sites, banking sites and student management portals should also be encrypted and presented as HTTPS traffic, to keep your data and transactions safe. Where is the harm in not inspecting HTTPS traffic? Ransomware, viruses and malware.
Cybercriminals have grown savvy in their distribution methods, and are able to send threats across the HTTPS protocol, essentially hiding them as they enter your network. Once they reach an inbox or browser of an end-user, your network security depends on the ability of the end-user to determine whether a website is fake or real and whether an email is phishing or legitimate. Network security experts maintain that the human component is the weakest and most important factor to consider when developing a network security plan.
SonicWall’s DPI-SSL and Capture services provide a platform that can quickly decrypt, inspect, and sandbox formerly hidden traffic. DPI-SSL stands for Deep Packet Inspection of Secure Sockets Layer. It extends SonicWall’s Deep Packet Inspection technology to allow for the inspection of encrypted HTTPS traffic and other SSL-based traffic. The SSL traffic is decrypted transparently, scanned for threats and then re-encrypted and sent along to its destination if no threats or vulnerabilities are found.
You may think that ransomware, malware and viruses are a small concern for K-12 networks, but by 2019, 75% of web traffic will be HTTPS. In addition to an increase in encrypted traffic, education is currently the favorite target of cybercriminals deploying ransomware, and over 30% of K-12 schools surveyed in the United States have been infected by ransomware.
Contact ITS for more specific information on a SonicWall model or service for your K-12 District.