I have a NordVPN account and the router at our office is a Sophos XGS 87. According to Sophos literature they do deep packet inspection on TLS 1.0 to 1.3 (HTTPS) connections.
It seems the router acts as a "man in the middle" so that it acquires the encryption key and then uses it to inspect all encrypted traffic.
I asked NordVPN if this would impact the session with their VPN service. Their only reply, on repeated requests, is that they use AES 256bit encryption for the connection, but they don't say what encryption is used to make the connection or whether the Sophos router can pose as the client.
My concern is that if the router can pose as the VPN client it will decrypt-inspect-encrypt all traffic passing through it. I am working outside office hours, which the company allows me to do on their network, but I value my privacy and security.
If my concern is valid, then is this true of all VPN services?
Addendum - I should have included my source information:
The original reply from NordVPN:
1st Reply: AES became effective as a federal government standard on May 26, 2002, after approval by the Secretary of Commerce. AES is included in the ISO/IEC 18033-3 standard. AES is available in many different encryption packages and is the first (and only) publicly accessible cipher approved by the National Security Agency (NSA) for top secret information when used in an NSA-approved cryptographic module (see Security of AES, below).
Secret agencies around the world are using this protocol to encrypt top-secret documents.
NordVPN also utilizes NGE (Next Generation Encryption) in IKEv2/IPsec. It is the protocol that not only provides military-grade encryption standards, stability, and high-performance speed but at least for the moment cannot be cracked even by the strongest computers. For these reasons, it is highly recommended by NordVPN and has been adopted as a default in the NordVPN apps for iOS and macOS.
2nd Reply: It should be impossible for a firewall/router device to find and receive the private key to decrypt and inspect the data as our service uses the most advanced AES-256bit encryption standard.
Therefore, your VPN connection with our services is not exposed.
Link at Sophos:
https://www.sophos.com/en-us/products/next-gen-firewall/features.aspx