Netgate Discussion Forum

    Hardware antivirus

    Off-Topic & Non-Support Discussion
    5 Posts 3 Posters 625 Views
      Antibiotic

      Could someone suggest a hardware antivirus? I've heard about the Bitdefender Box, but now they do not offer it anymore? The point is for this hardware antivirus to check the internet on the WAN!

      pfSense plus 24.11 on Topton mini PC
      CPU: Intel N100
      NIC: Intel i-226v 4 pcs
      RAM : 16 GB DDR5
      Disk: 128 GB NVMe
      Brgds, Archi

        SteveITS Galactic Empire @Antibiotic

        @Antibiotic pfSense has clamav I believe. But anything on the router can’t see into encrypted traffic. Bitdefender GravityZone has an option to scan HTTPS on the client.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

          Antibiotic @SteveITS

          @SteveITS said in Hardware antivirus:

          Bitdefender GravityZone

          This is a business solution, I guess, and cloud based.

            SteveITS Galactic Empire @Antibiotic

            @Antibiotic yes we use GZ for our clients. Does the retail version not have it?

            Web and email is normally encrypted nowadays.

              bmeeks

              The only way to peer into encrypted traffic (which is darn near 100% of web and email traffic these days) is to use a MITM (man-in-the-middle) proxy certificate system. That means installing trusted certificates for your proxy on all clients (PCs, laptops, and phones) that you wish to monitor. The MITM intercepts and terminates a client's outbound connection to some website, decrypts the traffic, then the proxy establishes its own connection on behalf of that client to the original website. Traffic returned is re-encrypted using the proxy's certificate and sent back to the original client. For this to work without browsers throwing security errors, the proxy's certificate presented to the clients must be trusted and verifiable by the clients. And the clients must be configured to send all outbound requests to the proxy.

              Doing this on a home system is very difficult and basically not really worth the effort to implement and maintain. There are "for sale" commercial systems that are cloud-based and handle the MITM interception for you. But again, this requires a customized configuration on each client. It's not something that just happens by magic by purchasing some service.

              And attempting to virus scan encrypted traffic is a complete waste of effort. How would you scan encrypted traffic for a virus? After all, the data bits are scrambled up to appear as random data specifically so that nobody other than the final receiving client who has the decryption key can unscramble and read them. So, say you put a hardware virus scanner on your WAN, how is it going to make sense of encrypted traffic? That's why antivirus solutions work best at the traffic endpoints. Only there can they see unencrypted traffic by hooking into the client OS at a point after where the browser or other application has already decrypted the traffic and it is again cleartext.

              1 Reply Last reply Reply Quote 1
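
The point made in the post above, as an added example that is not part of the thread: the same signature scanner run over one download as a box on the WAN sees it (ciphertext) and as the endpoint sees it (after decryption). The SHA-256 keystream cipher is a toy stand-in for the TLS record cipher, and the signature names, markers, key and payload are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed byte signatures standing in for an antivirus pattern database.
SIGNATURES = {
    "Test.Marker.A": b"CONSTRUCTED-MALWARE-MARKER-A",
    "Test.Marker.B": b"\x4d\x5a\x90\x00CONSTRUCTED-B",
}

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher (assumption: stand-in for TLS)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def scan(payload: bytes) -> list:
    """Return the names of all signatures found in the payload."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in payload)

def entropy(payload: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 means it looks random."""
    total = len(payload)
    return -sum(c / total * math.log2(c / total) for c in Counter(payload).values())

def demo() -> dict:
    # Key known only to the two ends of the connection, not to the WAN box.
    session_key = hashlib.sha256(b"constructed session secret").digest()
    # Constructed HTTP response whose body carries one of the markers.
    download = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
                + b"padding " * 200 + SIGNATURES["Test.Marker.A"]
                + b" more padding" * 50)
    on_wire = keystream_xor(session_key, download)      # what the WAN scanner sees
    at_endpoint = keystream_xor(session_key, on_wire)   # what the client sees
    return {
        "wan_hits": scan(on_wire),
        "endpoint_hits": scan(at_endpoint),
        "wan_entropy": entropy(on_wire),
        "endpoint_entropy": entropy(at_endpoint),
    }

if __name__ == "__main__":
    for field, value in demo().items():
        print(field, value)
```

A scanner placed on the WAN only gets hits if it also holds the key, which is what the MITM proxy arrangement described in the post provides by terminating the connection itself.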
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.