Difference between revisions of "Setup HTTPS Inspection"

Overview

Over the couple of years, the internet is changing its dimensions in terms of security. The web is shifting towards HTTPS, to deliver secure services to users. “The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data”.  The authentication happens based on public key of website verified by client browser using trusted certificate authority. So, the users know, they are talking to right websites and their data is safe.

          Until 2010 only 20% websites were using HTTPS protocol and rest of 80% websites were on HTTP. This equation started changing from 2010. For example, Earlier Google services including Google search were running on HTTP, for security reasons Google started services on HTTPS over HTTP. This change in the web, thrown challenges to security vendors and customers, but both are ready for better web & security.  

          HTTP traffic is plain text based message transfer over network, the traffic can be seen and filtered by any device in the middle. Malware detection and data leak prevention performed by security products on HTTP traffic to keep users and organizations safe. But HTTPS traffic is encrypted and traffic cannot be seen, filtered without decrypting traffic and decryption is only possible by trusted parties.

          Decrypting HTTPS traffic for scanning is called HTTPS Inspection. If security products do not scan HTTPS traffic, then some users can upload confidential documents to google drive and share to where ever they want. Also such users can download a malicious file and spread on company network which can completely hit on organizational productivity. There are lots more that can happen, So Security experts always recommend usage of HTTPS inspection enabled products for enhanced security.

          Most of the old security products implemented before 2010 does not have an ability to scan HTTPS traffic including SafeSquid NTLM editions. SafeSquid SWG was implemented in 2012 with HTTPS inspection support and continually improved HTTPS inspection performance with SSL context caching and session resumption techniques.

          To perform HTTPS inspection, SafeSquid should have trusted certificate authority(CA). You can use your enterprise CA as SafeSquid CA or You can generate a self signed CA for organisation using SafeSquid's Self Service Portal.

Client Scenario

The director of network security in a financial organization wants to protect the enterprise network from any external threats coming from the web in the form of malware. To accomplish this, the director appoints Network administrator to make sure the computer network is upto date and operating as intended. The Network administrator needs to gain visibility into these sites otherwise bypass encrypted traffic and control access to malicious websites. The Network administrator should do the following:

• Intercept and examine all the traffic, including SSL/TLS (encrypted traffic), coming in and going out of the enterprise network.
• Bypass interception of requests to websites containing sensitive information, such as user financial information or emails.
• Block access to harmful URLs identified as serving harmful or adult content.
• Identify end users (employees) in the enterprise who are accessing malicious websites and block internet access for these users or block the harmful URLs.

Solution

To achieve all of the above, the Network administrator should set up a SafeSquid Secure Web Gateway (SWG) in the organization. The proxy server checks all the encrypted and unencrypted traffic passing through the enterprise network. It prompts for user authentication, and associates the traffic with a user. URL categories can be specified to block access to Illegal/Harmful, Adult, Malware and SPAM websites.

Benefits of HTTPS inspection

• You can forbid use of personal google account for any google application like Gmail, YouTube, etc.
• You can permit users with bypass privilege to access Facebook in Read Only mode. Users are not allowed to make posts, shares, or play games, chat with other Facebook Users, or post on their timeline, or Like posts made by others
• You can enforce SafeSearch for users accessing Google Search, Yahoo Search, Bing Search, YouTube.
• You can permit use of Google SSO for login to web applications
• You can use Virus scanning for both HTTP and HTTPS sites.
• You can forbid users from uploading files to any web site.

Configure the HTTPS inspection 

Generate SSL (Self-Signed) certificates from self service portal

You have to generate SSL certificate from self-service portal before configuring HTTPS inspection. 

• Setup your SSL (Self Signed) certificates from self-service portal
• Download SSL (Self Signed)Certificate from SafeSquid User Interface

Importing SafeSquid SSL certificate into your browser

When SafeSquid is installed in your network with HTTPS inspection enabled and SSL certificate not installed into the browser, then you will get an error while accessing the HTTPS websites. You have to install SafeSquid SSL certificate into the browsers.

• Importing into  Mozilla Firefox 
• Importing into Internet Explorer Or Chrome Browser

Enabling HTTPS inspection on SafeSquid User Interface

How does HTTPS work?

How does HTTPS inspection work with SafeSquid?

Troubleshooting

1. SSL certificate downloaded with zero  size OR unable to download SSL certificate
2. Application not working with HTTPS inspection
3. SSL certification errors
4. Certificate manageability

See Also

1. Integrate AD or OpenLDAP with SafeSquid
2. Enforce Safe Searches 
3. Enforce YouTube Restricted Mode 
4. Defend Against Malware And External Attacks