Decrypting Decryption (Episode 24) Learning Happy Hour

Рет қаралды 20,025

Palo Alto Networks LIVEcommunity

Күн бұрын

Пікірлер: 52

@cathyn137 5 жыл бұрын

I was struggling to understand the concept until I watched this video. Thank you!!

@ashokreddyb7867 4 жыл бұрын

It's just awesome. The way he elucidated is like spoon feeding. He hammered impervious brains which don't allow cryptographic stuff easily with his explanation. Great stuff. Kudos to all of you.

@popz2049 3 жыл бұрын

Shakti's the best trainer I've had hands down!

@PaloAltoNetworksLiveCommunity 3 жыл бұрын

Great to hear. We will share this feedback with him!

@joseluisquintero4076 2 жыл бұрын

Great Explanation!

@richardege7037 2 жыл бұрын

Excellent presentation...

@gopibanjare9620 2 жыл бұрын

Great explanation!! Clear understanding of this concept. Thank you guys

@PaloAltoNetworksLiveCommunity 2 жыл бұрын

Hi gopi, thanks for your feedback ! Glad to hear you found it useful !

@gopibanjare9620 2 жыл бұрын

I would like to request you please make video on life of packet in detail. Thank you!

@mursalqaiser4779 2 жыл бұрын

Say Hi to Shakti and give special thanks to him. I really really like way of teaching and he did not leave any ambiguity. I am very thankful to him.

@imshrikantdesai Жыл бұрын

Superb... Each and every process is very nicely explained. This will definitely help beginners to understand the details of DPI transactions.

@d5sturbed 4 жыл бұрын

this is super awesome! i was really struggling to get the whole SSL handshake idea in my head but this is just totally spot on! Subscribed.

@augustbernard3396 3 жыл бұрын

Best explanation of decryption I’ve seen! Thank you so much!

@johnmanufan 4 жыл бұрын

Absolutely brilliant video, thanks very much

@saqarif 3 жыл бұрын

Hi, Shakti, You explained it tremendously. Now, The certifications' handshaking is in my mind in the decryption stage. :)

@bain6514 4 жыл бұрын

Brilliant Explanation. Thank you.

@PaloAltoNetworksLiveCommunity 4 жыл бұрын

You are welcome!

@jucelinodosreis 2 жыл бұрын

thank you for sharing

@tonytshoot567 5 жыл бұрын

Well presented! Great job!

@20kaif 4 жыл бұрын

you explained concept really well..Thanks

@PaloAltoNetworksLiveCommunity 4 жыл бұрын

Thank you for the positive feedback! Check out the LIVEcommunity page for more great info: live.paloaltonetworks.com

@odhiyah6167 5 жыл бұрын

Just cemented what I learned before, Thank you

@PaloAltoNetworksLiveCommunity 5 жыл бұрын

That's great to hear!

@5Incognito 4 жыл бұрын

I was about to give up on changing my career, reading isn't informative and concepts are really hard for someone with no background, but BIG THANKS to your effort and organized explanation, that was really detailed. I respect your side comments and notes about stuff that takes place like NATTING and other things you mentioned, I wish you could have included them explained but I guess the video then will be quite longer.

@PaloAltoNetworksLiveCommunity 4 жыл бұрын

Thanks for sharing such positive feedback! We are glad this video helped you. If you want to learn more, we encourage you to check out the LIVEcommunity page for more great information: live.paloaltonetworks.com

@novakonstant 5 жыл бұрын

Excellent explanation.

@giridharradhakrishnan5816 3 жыл бұрын

Why do we need to create an Untrusted CA (19:38)? Why should the firewall allow connections from server with untrusted CA? Can someone explain?

@aimanrashid3449 2 жыл бұрын

If the server doesn't have a trusted CA, it is your choice to either pass or block the session. Not only this, but also PA supports that if the server certificate doesn't support specific ciphers or keys etc. you can block the sessions. So, its not necessary to pass the session back to the client. Now, in some cases, customers need to pass the server sessions back to clients even if certificate is untrusted. In this case, imagine proxy (PA) signs the certificate with its Forward trust certificate then the client would ALWAYS trust the server. To let the client know that server has untrusted cert, the untrust CA is used to generate the untrust cert. Hope this answers your query.

@scolpi73 5 жыл бұрын

Thank you, a very clear explanation.

@networksecurity778 2 жыл бұрын

This lecture does give any training courses ?

@kanakashriyakrishnamoorthy8821 Жыл бұрын

Does decryption happen for each payload that is being sent for a single stream of TCP ?

@austinaaron7018 Жыл бұрын

How will diffie helman key exchange fit in to this?

@PramodYadav-fp2dj 2 жыл бұрын

I have a query, why can't we global signed CA for SSL decryption?

@sriramp6952 5 жыл бұрын

Excellent... Please plan the deep dive video for Packet flow as well.

@PaloAltoNetworksLiveCommunity 5 жыл бұрын

Sriram, we think you are gonna love episode 26 😉

@skhaiderali786 5 жыл бұрын

very well explained

@handerohan8979 3 жыл бұрын

Great explanation... really appreciate it the way its explained... one thing i would like to know that about clear text... in between two session there will be clear text data on forward proxy. Is it mean that data is in read format for system or network admin ?

@PaloAltoNetworksLiveCommunity 3 жыл бұрын

Hi, decrypted traffic does not leave the next-generation firewall, and inspection of traffic to prevent threats takes place within the firewall. This preserves TLS’s promises of confidentiality and integrity. Source: www.paloaltonetworks.com/resources/whitepapers/decryption-why-where-and-how

@handerohan8979 3 жыл бұрын

@@PaloAltoNetworksLiveCommunity Thanks for taking time to response .. i agreed with examination that clear text traffic dosen't leave firewall but it easy to admin to tap or mirror port and read the clear text format ? Such for confidential data like banking & financial website. ?

@ChillWill9311 5 жыл бұрын

Excellent !

@ashokreddyb7867 4 жыл бұрын

One small request... You have made everything clear and left remnant portion. Would be great if you could explain how session key or session id is created. Thanks in advance

@vivekprajapati7911 5 жыл бұрын

great thanks sir more videos on different topics.

@PaloAltoNetworksLiveCommunity 5 жыл бұрын

Please feel free to subscribe to our channel as we produce videos regularly, thanks for watching!

@arian7472 3 жыл бұрын

if FW break the communication into two sessions why it can't decrypt the DHE key exchange

@kadheimcooper4606 3 жыл бұрын

DHE doesn’t use certificates, it’s a completely different algorithm that’s purely on mathematical computation.

@mkbysmk 3 жыл бұрын

Can't you convert it to the Full HD, please? Thanks in advance :)

@umbrellageeks9421 4 жыл бұрын

awesome!!

@balachandarsivasamy7958 5 жыл бұрын

Great 👍

@MOHDBILAL-ed2xy 3 жыл бұрын

👌

@sumitnick4 Жыл бұрын

Key usage explained is inaccurate. Client_write_key, server_write_key are used in each direction for encryption and decryption

@nxu5107 3 жыл бұрын

I think you lost me as soon as you started talking about the Root CA. Is there a video that quickly but clearly explain the steps that are required to do SSL decryption on a PA firewall Please ...please please... just the steps and a brief description as to why. While this video is good to understand the infrastructure and the process and etc etc., we need quick solutions.. as admins we hardly have time to sit and listen to PhD thesis. Sorry.