HTTPS Inspection

Hypertext Transfer Protocol with Security (HTTPS) is a combination of HTTP with a network security protocol (such as SSL, Secured Sockets Layer). HTTPS connection is used for Web applications (such as online banking) that require secured connections to protect sensitive content. Since traditional security devices are unable to decrypt and inspect this content, virus/malware and other threats embedded in HTTPS traffic can pass unobstructed through your security defenses and on to your enterprise network.

The following lists some major concerns about HTTPS connections:

  • Virus scanning and content filtering policies cannot be applied to encrypted data

  • Digital certificates can be forged, expired or revoked since clients rarely check the certificate revocation list

  • Legitimate certificates can be easily obtained by a malicious third-party, causing users to assume that the information they provide is secure

  • Web browsers are vulnerable to certificate insertion attacks that allow a malicious intruder to gain access to a corporate intranet

  • Users may not have the required knowledge to decide if a certificate is to be trusted

  • Monitoring HTTPS traffic is difficult since the URL path and other information are concealed

TMWS closes the HTTPS security loophole by decrypting and inspecting encrypted content. While decrypted, data is treated the same way as HTTP traffic to which URL filtering and scanning rules can be applied. Decrypted data is completely secure since it is still in the TMWS server's memory. Before leaving TMWS, the data is encrypted for secure passage to the client's browser.

  • Configure decryption rules to decrypt content based on selected URL categories.

  • Add digital certificates to the TMWS certificate store to verify whether a web server's signature is trusted.

  • Configure HTTPS tunnels to bypass the HTTPS traffic of certain websites without decryption and inspection.

Note:

If you have HTTPS Inspection disabled at the global level (through Policies > Global Settings > HTTPS Inspection), all the HTTPS inspection configurations will be ignored.