The Internet is increasingly encrypted: over 80% of web pages now load via HTTPS. Firefox has enabled DoH (DNS over HTTPS) in the United States. And TLS 1.3 requires Perfect Forward Secrecy, making passive decryption more challenging. The same encryption that protects the privacy of your online banking data also shields malware from discovery. Where does that leave our classic network-based security controls such as Intrusion Detection Systems and proxies?
In this webcast, SANS Fellow Eric Conrad will discuss the state of Internet encryption, and will provide methods for detecting malware that spreads and communicates via encrypted channels. He will also provide practical steps for analyzing and decrypting TLS, including decrypting TLS 1.3.