Network Security
PQC and Decryption
Table of Contents
Expand All
|
Collapse All
Network Security Docs
-
- Security Policy
-
- Security Profile Groups
- Security Profile: AI Security
- Security Profile: WildFire® Analysis
- Security Profile: Antivirus
- Security Profile: Vulnerability Protection
- Security Profile: Anti-Spyware
- Security Profile: DNS Security
- Security Profile: DoS Protection Profile
- Security Profile: File Blocking
- Security Profile: URL Filtering
- Security Profile: Data Filtering
- Security Profile: Zone Protection
-
- Policy Object: Address Groups
- Policy Object: Regions
- Policy Object: Traffic Objects
- Policy Object: Applications
- Policy Object: Application Groups
- Policy Object: Application Filter
- Policy Object: Services
- Policy Object: Auto-Tag Actions
- Policy Object: Devices
-
- Uses for External Dynamic Lists in Policy
- Formatting Guidelines for an External Dynamic List
- Built-in External Dynamic Lists
- Configure Your Environment to Access an External Dynamic List
- Configure your Environment to Access an External Dynamic List from the EDL Hosting Service
- Retrieve an External Dynamic List from the Web Server
- View External Dynamic List Entries
- Enforce Policy on an External Dynamic List
- Find External Dynamic Lists That Failed Authentication
- Disable Authentication for an External Dynamic List
- Policy Object: HIP Objects
- Policy Object: Schedules
- Policy Object: Quarantine Device Lists
- Policy Object: Dynamic User Groups
- Policy Object: Custom Objects
- Policy Object: Log Forwarding
- Policy Object: Authentication
- Policy Object: Decryption Profile
- Policy Object: Packet Broker Profile
-
-
-
- The Quantum Computing Threat
- How RFC 8784 Resists Quantum Computing Threats
- How RFC 9242 and RFC 9370 Resist Quantum Computing Threats
- Support for Post-Quantum Features
- Post-Quantum Migration Planning and Preparation
- Best Practices for Resisting Post-Quantum Attacks
- Learn More About Post-Quantum Security
-
-
-
- Investigate Reasons for Decryption Failure
- Identify Weak Protocols and Cipher Suites
- Troubleshoot Version Errors
- Troubleshoot Unsupported Cipher Suites
- Identify Untrusted CA Certificates
- Repair Incomplete Certificate Chains
- Troubleshoot Pinned Certificates
- Troubleshoot Expired Certificates
- Troubleshoot Revoked Certificates
PQC and Decryption
This chapter focuses on post-quantum cryptography features, tools, and tasks that
rely on decryption.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
No separate license required for decryption when using NGFWs or
Prisma Access.
Note: The features and capabilities available to you in
Strata Cloud Manager depend on your active license(s).
|
Post-quantum cryptography (PQC), also known as
quantum-resistant cryptography refers to a cryptographic system designed to secure
communications against the capabilities of quantum and classical computers. As quantum
computers advance, they will eventually be able to quickly solve and break the
public-key cryptographic systems widely trusted today. Quantum algorithms, such as
Shor's algorithm, have demonstrated the ability to efficiently factor large numbers,
quickly breaking classical cryptosystems. Another concern is Harvest Now, Decrypt Later attacks in which
bad actors collect and store encrypted data today with the intention of
decrypting it later, when the quantum computing tools needed to decrypt the data
become available.
Post-quantum migration planning and
preparation is critical given the current and evolving quantum computing threat to security. NIST standardization, the deployment of post-quantum
algorithms and hybrid post-quantum algorithms by major enterprises and services, ongoing
discussions, and research add to the urgency of planning and transitioning to PQC.
Today, decryption provides visibility and insights that help you harden network security
and protect your organization from threats posed by early PQC use and advancements in
post-quantum computing. You can control and monitor the usage of PQC on your
network.The Palo Alto Networks NGFW detects, blocks, and logs the use of PQC and
hybrid PQC algorithms in TLSv1.3 sessions. Decryption logs are an important tool for
monitoring PQC activity on your network. Logs offer visibility into potential security
risks associated with current PQC implementations and future quantum threats. Our
decryption PQC enhancements aim to improve visibility and facilitate informed
decision-making that can protect your network infrastructure. New support also
prioritizes a smooth transition to PQC, maximum interoperability, and adaptability to
future advancements.
To prepare for the future, you can assess the vulnerabilities in your current
infrastructure and implement changes, such as blocking PQC use or deploying quantum-resistant VPNs.
The Quantum Security Administration guide provides
additional context on post-quantum cryptography, the quantum computing threat, preparing
your organization for quantum computing advancements, and features beyond
decryption.