Customer Knowledge Post – SSL Bridging, Cyberoam’s Approach

This blog puts to rest all controversies arising out of
https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372

Cyberoam – Who are we?
Cyberoam UTM is a network security solution appliance vendor.

We secure our customers against internal, external, and blended threats. We are committed to our customers’ data confidentiality and integrity

HTTPS Deep Scan Inspection – The Universal Technology
HTTPS Deep Scan Inspection is driven by SSL Bridging Technology. In SSL Bridging, Cyberoam appliance provides self-signed certificate to the client whilst establishing a secure connection with the client and server. Hence, Cyberoam can now scan the SSL traffic for malwares. This is the only legitimately acceptable approach being followed by the network security vendors. TOR also acknowledges the same. A default certificate is shipped which remains the same across all the appliances.

Roles of Public and Private keys in SSL Bridging
Public and private key acts like lock and key mechanism where the lock (public key) is constant, but keys (private key) are variable.

Having said this, theoretically it is possible to decrypt SSL data using a conned private key. Cyberoam UTM does not allow import or export of the foresaid private key used for the SSL-Bridging technology.

Cyberoam – Not a Mass Surveillance Device but a Network Malware protection device
Cyberoam UTM either accepts or rejects, but does not store HTTPS Deep Scan Inspection data, as processing is done in real-time. The possibility of data interception between any two Cyberoam appliances is hence nullified.

Cyberoam secures with Confidence
Having vindicated Cyberoam technology, we appreciate TOR for the awareness campaign. However we would like to assure all our customers’ that Cyberoam continues to secure you.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>