Our intent with our tips is to exemplify some of the impracticalities involved with “brute force” shaping of encrypted traffic, and to offer some alternatives.
1) Insert Pre-Encryption software at each end node on your network.
This technique requires a special a custom APP that would need to be installed on Iphones, Ipads, and the laptops of end users. The app is designed to relay all data to a centralized shaping device in an un-encrypted format.
- assumes that the a centralized IT department has the authority to require special software on all devices using the network. It would not be feasible for environments where end users freely use their own equipment.
2) Use a sniffer traffic shaper that can decrypt the traffic on the fly.
- The older 40 bit encryption codes could be hacked by a computer in about a one week, the newer 128 bit encryption codes would require the computer to run longer than the age of the Universe.
3) Just drop encrypted traffic, don’t allow it, forcing users to turn off SSL on their browsers. Note: A traffic shaper, can spot encrypted traffic, it just can’t tell you specifically what it is by content.
- Seems rather draconian to block secure private transmissions, however the need to encrypt traffic over the Internet is vastly overblown. It is actually extremely unlikely for a personal information or credit card to get stolen in transit , but that is another subject
- Really not practical where you have autonomous or public users, it will cause confusion at best, a revolt at worst.
4) Perhaps re-think what you are trying to accomplish. There are more heuristic approaches to managing traffic which are immune to encryption. Please feel free to contact us for more details on a heuristic approach to shaping encrypted traffic.
5) Charge a premium for encrypted traffic. This would be more practical than blocking encrypted traffic, and would perhaps offset some of the costs for associate with the overuse of p2p encrypted traffic.