Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 31 subscribers
  • Views 754 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is it true that routers, like the Sophos XGS 87 decrypt the data stream on VPN connections?

Aleena Khan

I have a NordVPN account and the router at our office is Sophos XGS 87. According Sophos literature they do deep packet inspection on TLS 1.0 to 3.0 (HTTPS) connections.

It seems the router acts as a "man in the middle" so that it acquires the encryption key and then uses it to inspect all encrypted traffic.

I asked NordVPN if this would impact the session with their VPN service. Their only reply, on repeated requests, is that they use AES 256bit encryption for the connection but they don't say what encryption is used to make the connection or if Sophos router can pose as client?

My concern is that if the router can pose as the VPN client it will decrypt-inspect-encrypt all traffic passing through it. I am working outside office hours, which the company allows me to do on their network, but I value my privacy and security.

If my concern is valid, then is this true of all VPN services?



This thread was automatically locked due to age.
  • 0

    Yes, if you have setup decrypt and scanning. The checks are primarily for malware, illegal access to sites or application use. If your management has blocked or disallowed vpns then connections will fail.

    ian

  • 0

    It is quite simple. 

    There are two different approaches, DPI works. It can show you, which algorithm you use. Its like looking at you, while you lock the door. I can tell by simply looking at your hand, if you use a key, a fingerscanner or your face to lock the door. I cannot enter at this stage. 

    The other approach is to replace the keys and do a MITM "attack" to be able to copy the key to look into the content. 

    But to do this, you (as a client) needs to give your permission. Sophos (or any other vendor) cannot do this technically. If this would be possible, we could stop doing https / vpn etc. because everybody could read the traffic. 

    Be aware: If this device is managed, the conses to give permission could be done by a management platform. 

  • 0

    ADDED: Just read your sentence about the company's computer. I assume they admin it. They have very strong reasons for not allowing you to VPN through their network, ranging from security to liability for your actions. So they probably force your machine to trust their CA certificate and do the MitM, and then block any VPNs that they can detect. If you want privacy don't do things on your employer's network. You have no right to privacy there.

    ORIGINAL: The key thing is that a client and server can detect a man in the middle. Your browser, for example, uses TLS and will give you a warning if your XSG is doing DPI by doing a MitM. That's why you have to copy the XGS's certificate down to your computer and mark it as a trusted Certificate Authority certificate.

    So if you control your laptop as the admin, you will know if someone turned on TLS decryption on your XGS. If it's not your laptop, it doesn't really matter what happens on the XGS, the admin of your laptop can get access to your data before any encryption if they want.

    Even if you mark the XGS' CA certificate as trusted, the server at the far end can still detect that the certificate is not the one that is "pinned" in the client. If it wants: some servers like banks will do this check.

    This is using the HTTP-TLS-style certificate and authority mechanism, which allows creation of certificates by Certificate Authorities and can check for authorizations.

    You could also just generate a key on the server end and somehow get it to the client end and then encrypt your data with this key. No certificates, no certificate infrastructure, no authorities, just a key that you either know or don't know. In that case, there's no MitM possible unless your key has been compromised. There's no way for anyone to insinuate themselves into the middle. Similarly, public key encryption allows the client to use a public key and unless the encryption is cracked because of inherent weaknesses, etc, there's also no possibility of a MitM.

    So depending on how NordVPN encrypts its VPN, it's either impossible to MitM, or you can detect at either end that a MitM is happening and you either accept it or not. The question is: what mechanism is the VPN provider using and if it is a certificate-infrastructure mechanism like TLS do they detect MitM and stop the connection or not.

  • 0

    With TLS inspection, the client knows whether it's talking to a MITM device that's decrypting the traffic, because that device cannot use the legitimate TLS certificate that the real server would have. (This is the point of certificates and CAs/roots.)

    The MITM device will still serve a similar-looking certificate, but it won't validate against the standard set of root CAs – it will only be accepted if your computer has the company's private root CA installed. If in doubt – visit a website, open its detailed certificate information, and you'll see whether it chains up to a public CA or to something suspicious-looking.

    Most VPN protocols do not use TLS for the data channel; they might use it for the setup handshake, but then switch over to a different protocol.

    According to articles, NordVPN supports the IPsec/IKEv2, OpenVPN, and WireGuard protocols. Out of those, IKEv2 and WireGuard don't use TLS at all, while OpenVPN uses it for the setup in a modified way that a basic HTTPS-oriented DPI wouldn't recognize as TLS, later switching to non-TLS encryption for data.

    The app likely uses TLS (HTTPS) to retrieve server addresses, and to enroll the device's WireGuard public key (WG itself is not TLS-based), but one would need considerably more than just a generic TLS-inspecting device to attack the VPN in this way.