Setup HTTPS Inspection


Overview

Over the past couple of years, the internet has been changing in terms of security. The web is shifting towards HTTPS to deliver secure services to users. “The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data”. Authentication is based on the website's public key, which the client browser verifies using a trusted certificate authority. Users therefore know that they are talking to the right website and that their data is safe.

From 2001 to 2010, only 20% of websites enabled HTTPS and the remaining 80% used HTTP. Starting from 2011, websites continuously enabled HTTPS and completely disabled HTTP. The ratio has now changed to 80% HTTPS and 20% HTTP. For example, Google services, including Google Search, were earlier delivered over HTTP; for security reasons, Google enabled HTTPS, now provides its services over HTTPS, and disabled services over HTTP. This change in the web has thrown up challenges for security vendors and customers, but both are ready for a better web and better security.

HTTP traffic is a plain-text message transfer over the network, so the traffic can be seen and filtered by any device in the middle. Security products perform malware detection and data leak prevention on HTTP traffic to keep users and organizations safe. HTTPS traffic, however, is encrypted: it cannot be seen or filtered without decrypting it, and decryption is only possible by trusted parties.

Decrypting HTTPS traffic is called HTTPS Inspection. If security products do not decrypt HTTPS traffic, users can upload confidential documents to Google Drive and share them wherever they want. They can also download a malicious file from social media websites over HTTPS, which can severely hit the organization's productivity. A lot more can happen, so security experts always recommend using products with HTTPS inspection enabled for enhanced security.

Most older security products implemented before 2010, including SafeSquid NTLM editions, do not have the ability to decrypt HTTPS traffic. SafeSquid SWG was implemented in 2012 with HTTPS inspection support, and its HTTPS inspection performance has been continuously improved with SSL context caching and session resumption techniques.

To perform HTTPS inspection, SafeSquid must have a trusted certificate authority (CA). You can use your enterprise CA as the SafeSquid CA, or you can generate a self-signed CA for your organisation using SafeSquid's Self Service Portal.

 

Client Scenario

The director of network security in a financial organization wants to protect the enterprise network from any external threats coming from the web in the form of malware. To do this, the director needs to gain visibility into otherwise bypassed encrypted traffic and control access to malicious websites. The director is required to do the following:

  • Intercept and examine all the traffic, including SSL/TLS (encrypted traffic), coming into and going out of the enterprise network.
  • Bypass interception of requests to websites containing sensitive information, such as user financial information or emails.
  • Block access to harmful URLs identified as serving harmful or adult content.
  • Identify end users (employees) in the enterprise who are accessing malicious websites and block internet access for these users or block the harmful URLs.

Solution

To achieve all of the above, the director can set up a proxy on all the devices in the organization and point it to the SafeSquid Secure Web Gateway (SWG), which acts as a proxy server in the network. The proxy server intercepts all the encrypted and unencrypted traffic passing through the enterprise network. It prompts for user authentication, and associates the traffic with a user. URL categories can be specified to block access to Illegal/Harmful, Adult, and Malware and SPAM websites.

 

Benefits of HTTPS inspection

  • You can forbid the use of personal Google accounts for any Google application, such as Gmail, YouTube, etc.
  • You can permit users with bypass privilege to access Facebook in Read Only mode. In this mode, users are not allowed to make posts, share, play games, chat with other Facebook users, post on their timeline, or Like posts made by others.
  • You can enforce SafeSearch for users accessing Google Search, Yahoo Search, Bing Search, YouTube.
  • You can permit use of Google SSO for login to web applications.
  • You can use Virus scanning for both HTTP and HTTPS sites.
  • You can forbid users from uploading files to any web site.

 

Configure the HTTPS interception 

Generate SSL (Self-Signed) certificates from self service portal

First, generate SSL certificates from the self-service portal before configuring HTTPS inspection.

Importing SafeSquid SSL certificate into your browser

Install the SafeSquid SSL certificate into your browsers. If the certificate is not installed in the browser and HTTPS inspection is enabled, you will get an error while accessing HTTPS websites.
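
Why the browser reports an error until the CA is imported, shown with openssl and a throwaway CA standing in for the SafeSquid CA. This is an added example, not SafeSquid's own tooling; the CA name, host name and file paths are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed CA and host names, not SafeSquid files.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
HOST=www.example.test

cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Inspection CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# 1. Self-signed root: plays the role of the CA the gateway signs with.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# 2. Per-site certificate signed by that root, as a client behind the gateway sees it.
issue_leaf() {
  printf 'subjectAltName=DNS:%s\n' "$1" > "$WORK/san.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=$1" \
    -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -extfile "$WORK/san.ext" -out "$WORK/leaf.pem" 2>/dev/null
}

# 3. Client check: $1 = host name, $2 = CA file the client has imported (optional).
client_trusts() {
  openssl verify ${2:+-CAfile "$2"} -verify_hostname "$1" "$WORK/leaf.pem" \
    2>/dev/null | grep -q ': OK$'
}

# 4. Confirms inspection is active: the presented leaf is issued by the CA named $1.
resigned_by() {
  openssl x509 -in "$WORK/leaf.pem" -noout -issuer | grep -q "$1"
}

make_ca && issue_leaf "$HOST"
client_trusts "$HOST" || echo "CA not imported: client reports a certificate error"
client_trusts "$HOST" "$WORK/ca.pem" && echo "CA imported: chain and host name verify"
resigned_by "Demo Inspection CA" && echo "leaf is issued by the inspection CA"
```

The issuer check in step 4 is also a quick way to confirm from a client machine whether a given site is being inspected or bypassed.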

Enabling HTTPS inspection on SafeSquid User Interface

How does HTTPS work?

How does HTTPS inspection work with SafeSquid?

[Figure: HTTPS inspection flow]

Troubleshooting

  1. SSL certificate downloaded with zero size, or unable to download SSL certificate
  2. Application not working with HTTPS inspection
  3. SSL certification errors
  4. Certificate manageability

See Also

  1. Integrate AD or OpenLDAP with SafeSquid
  2. Enforce Safe Searches 
  3. Enforce YouTube Restricted Mode 
  4. Defend Against Malware And External Attacks