Hypertext Transfer Protocol with Security (HTTPS) is a combination of HTTP with
a network security protocol (such as SSL, Secured Sockets Layer). HTTPS connection
is used for
Web applications (such as online banking) that require secured connections to protect
sensitive content. Since traditional security devices are unable to decrypt and inspect
this
content, virus/malware and other threats embedded in HTTPS traffic can pass unobstructed
through your security defenses and on to your enterprise network.
The following lists some major concerns about HTTPS connections:
-
Virus scanning and content filtering policies cannot be applied to encrypted data
-
Digital certificates can be forged, expired or revoked since clients rarely check the certificate revocation list
-
Legitimate certificates can be easily obtained by a malicious third-party, causing users to assume that the information they provide is secure
-
Web browsers are vulnerable to certificate insertion attacks that allow a malicious intruder to gain access to a corporate intranet
-
Users may not have the required knowledge to decide if a certificate is to be trusted
-
Monitoring HTTPS traffic is difficult since the URL path and other information are concealed
TMWS closes the HTTPS
security loophole by decrypting and inspecting encrypted content. While decrypted,
data is
treated the same way as HTTP traffic to which URL filtering and scanning rules can
be applied.
Decrypted data is completely secure since it is still in the TMWS server's memory. Before leaving
TMWS, the data is encrypted for
secure passage to the client's browser.
-
Configure decryption rules to decrypt content based on selected URL categories.
-
Add digital certificates to the TMWS certificate store to verify whether a web server's signature is trusted.
-
Configure HTTPS tunnels to bypass the HTTPS traffic of certain websites without decryption and inspection.
 |
NoteIf you have HTTPS Inspection disabled at the global level (through ), all the HTTPS inspection configurations will be ignored.
|