Can PTA Monitor Social Media using Firewalls

PTA Firewalls

Pakistan Telecommunication Authority (PTA) has installed Next Generation Firewalls (NGFWs) on all mobile network and Internet traffic to monitor social media data. To what extent these firewalls can be used to view or monitor the contents of social media apps is the million-dollar question. But let's first understand what an NGFW is.
What is a Next Generation Firewall?
A Next Generation Firewall (NGFW) is a network security device that goes beyond the capabilities of traditional firewalls by incorporating additional layers of security. These include deep packet inspection (DPI), intrusion prevention systems (IPS), application awareness, and advanced threat intelligence. NGFWs are designed to provide comprehensive protection against a wide range of cyber threats, including malware, ransomware, and complex distributed denial-of-service (DDoS) attacks.

Key Features of NGFWs

  1. Deep Packet Inspection (DPI): Unlike traditional firewalls that inspect only the header of a packet, NGFWs examine the entire packet, including its content. This allows for more granular control and the ability to detect and block malicious traffic.
  2. Application Awareness: NGFWs can identify and control applications, regardless of the port or protocol used. This is crucial for monitoring and managing the use of social media applications within a network.
  3. Intrusion Prevention Systems (IPS): Integrated IPS capabilities enable NGFWs to detect and prevent attacks in real-time by analyzing network traffic for signs of malicious activity.
  4. User Identity Awareness: NGFWs can enforce security policies based on user identities, allowing for more precise control over who can access what resources.

Benefits of Using NGFWs for Social Media Monitoring

  • Enhanced Security: By monitoring social media activities, organizations can protect against data leaks, cyberbullying, and other malicious activities.
  • Compliance: NGFWs help organizations comply with regulatory requirements by ensuring that social media usage adheres to established policies.
  • Productivity: By controlling access to social media, organizations can minimize distractions and improve employee productivity.
  • Encryption and Decryption: NGFWs can decrypt and inspect encrypted traffic, which is essential for monitoring platforms like WhatsApp that use end-to-end encryption. This ensures that even encrypted communications can be analyzed for potential threats.

In other words, Next Generation Firewalls represent a significant advancement in network security, offering comprehensive protection and the ability to monitor user activities on social media platforms. By leveraging features like deep packet inspection, application awareness, and user identity awareness, NGFWs can help organizations enhance their security posture while ensuring compliance and productivity. However, it’s crucial to address privacy concerns and ensure that these powerful tools are used responsibly.

Can NGFWs View the Contents of Social Media Apps like WhatsApp or Snapchat, Which Claim to Use End-to-End Encryption (E2EE)?

Social media applications like Facebook, WhatsApp and Snapchat use End-to-End Encryption (E2EE) for messages, which means only the sender and recipient can read the content. Even the companies themselves can’t access the encrypted data. WhatsApp claims that:

Security is essential to the service WhatsApp provides. We’ve seen multiple examples where criminal hackers illegally obtained vast sums of private data and abused technology to hurt people with their stolen information. Since completing the implementation of end-to-end encryption in 2016, digital security has become even more important.

WhatsApp has no ability to see the content of messages or listen to calls that are end-to-end encrypted. That’s because the encryption and decryption of messages sent and received on WhatsApp occurs entirely on your device. Before a message ever leaves your device, it’s secured with a cryptographic lock, and only the recipient has the keys. In addition, the keys change with every single message that’s sent. While all of this happens behind the scenes, you can confirm your conversations are protected by checking the security verification code on your device.

NGFWs can perform deep packet inspection (DPI) and analyse metadata, but they cannot decrypt E2EE messages without access to the encryption keys. Here are some ways NGFWs handle encrypted traffic:

  • Metadata Analysis: NGFWs can analyze metadata (e.g., sender and recipient information, message size, frequency of communication) to detect suspicious patterns without decrypting the content.
  • Traffic Patterns: By examining traffic patterns, NGFWs can identify unusual behaviors that might indicate malicious activity, even if the content is encrypted.
  • SSL/TLS Inspection: For traffic that uses SSL/TLS encryption (common in HTTPS websites), NGFWs can perform SSL/TLS inspection by acting as a man-in-the-middle (MITM) proxy. This allows the firewall to decrypt and inspect the traffic before re-encrypting it and sending it to the destination. However, this method does not work with E2EE.
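The SSL/TLS inspection point above can be modelled in a few lines. This is an added example, not code from the original article: the cipher is a standard-library stand-in (HMAC-SHA256 keystream plus tag), not TLS or the protocol WhatsApp uses, and the keys, names and message are constructed.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real cipher."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt and authenticate: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed keys: the E2EE key exists only on the two devices; the transport
# key is the one an inspecting proxy holds because it terminates the session.
E2EE_KEY = hashlib.sha256(b"constructed key shared by Alice and Bob").digest()
TRANSPORT_KEY = hashlib.sha256(b"constructed transport session key").digest()

def alice_sends(text):
    inner = seal(E2EE_KEY, text.encode())                       # encrypted on the device
    envelope = {"from": "Alice", "to": "Bob", "body": inner.hex()}
    return seal(TRANSPORT_KEY, json.dumps(envelope).encode())   # TLS-like outer layer

def proxy_inspects(wire):
    """What an inspecting firewall holds after removing the outer layer."""
    envelope = json.loads(unseal(TRANSPORT_KEY, wire))
    body = bytes.fromhex(envelope["body"])
    try:
        content = unseal(TRANSPORT_KEY, body).decode()          # the only key it has
    except ValueError:
        content = None                                          # inner layer stays opaque
    return {"from": envelope["from"], "to": envelope["to"],
            "body_bytes": len(body), "content": content}

def bob_reads(wire):
    envelope = json.loads(unseal(TRANSPORT_KEY, wire))
    return unseal(E2EE_KEY, bytes.fromhex(envelope["body"])).decode()

if __name__ == "__main__":
    wire = alice_sends("meet at 5")
    print(proxy_inspects(wire))   # routing metadata and size, content None
    print(bob_reads(wire))
```

Removing the outer layer exposes who is talking to whom and how much data is sent, while the message body remains ciphertext to everyone without the endpoint key.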

However, a firewall with Deep Packet Inspection (DPI) capabilities can inspect packet headers and metadata, but cannot view the contents of E2EE encrypted messages. DPI can only:

  • Monitor traffic patterns and volumes
  • Block or filter specific protocols or ports
  • Inspect unencrypted data

However, there are some concerns:

  • Metadata collection: DPI can collect metadata, such as sender, recipient, and timestamp.
  • Encryption bypass: If the firewall can manipulate or intercept encryption keys, it might access encrypted content (although this is highly unlikely and would require significant resources).

Let's explain further with examples and diagrams!

End-to-End Encryption (E2EE)

Imagine you’re sending a secret letter to a friend.

Unencrypted: Sender → [Plaintext Letter] → Mailman → Recipient. Anyone, including the mailman, can read the letter.

E2EE: Sender → [Encrypted Letter] → Mailman → Recipient. Only the sender and recipient have the decryption key. The mailman can’t read the letter.

WhatsApp/Snapchat E2EE: Sender → [Encrypted Message] → Server → Recipient. Only the sender and recipient can read the message. Even the server can’t access the encrypted content.

Deep Packet Inspection (DPI)

A firewall with DPI can inspect packets, like a mailman examining envelopes.

DPI Capabilities:

  • Packet Header Inspection

| Packet Header | Contents |
|---|---|
| Source IP | 192.168.1.1 |
| Destination IP | 8.8.8.8 |
| Protocol | TCP |

  • Metadata Collection

| Metadata | Contents |
|---|---|
| Sender | Alice |
| Recipient | Bob |
| Timestamp | 1643723900 |
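The packet header inspection described above, as an added example that is not part of the original article: it parses a constructed IPv4/TCP packet carrying the table's addresses and reports what a DPI engine can read when the payload is encrypted. The ports and the random payload standing in for ciphertext are assumptions.

```python
import math, os, socket, struct
from collections import Counter

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_packet(src, dst, sport, dport, payload):
    """Constructed IPv4+TCP packet (checksums left at 0; the parser ignores them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def entropy(data):
    """Shannon entropy in bits per byte; values near 8 suggest encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())

def inspect_packet(packet):
    """Return the fields readable without any decryption key."""
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                      # IP header length in bytes
    meta = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "protocol": PROTOCOLS.get(proto, str(proto)), "total_len": total}
    if proto == 6:
        sport, dport, _, _, off = struct.unpack("!HHIIB", packet[ihl:ihl + 13])
        payload = packet[ihl + (off >> 4) * 4:total]  # skip the TCP header
        meta.update(sport=sport, dport=dport, payload_len=len(payload),
                    payload_entropy=round(entropy(payload), 2))
    return meta

if __name__ == "__main__":
    ciphertext = os.urandom(1024)                   # stand-in for an E2EE message
    print(inspect_packet(build_packet("192.168.1.1", "8.8.8.8", 50000, 443, ciphertext)))
```

Addresses, ports, sizes and the high-entropy signature of the payload are all visible; the message text is not.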

So we can say that NGFWs can extract metadata such as source IP address, destination IP address, application info, sender name, recipient name and timestamp from data packets, but not the contents of an E2EE message. But as technology evolves day by day and new hardware is designed every now and then, it is pretty evident that soon there will be firewalls that have the ability to break the encryption and inspect the content of the message.

About Author

A website for latest Government and Private Jobs in Pakistan
