Tuesday, November 15, 2011

Inspecting HTTPS traffic on gateways


In the past, security devices inspecting application content for attack patterns, misuse or malware, had been blind to encrypted traffic and due to this encrypted protocols like Hypertext Transfer Protocol Secure (HTTPS) have been a safe method used by attackers to bypass security inspection. Though reverse proxies and Web Server modules have been there for long, but they only inspect incoming traffic i.e. connections made to protected web servers in the organization. Inspecting outgoing traffic or traffic of connections made by users to outside world servers, not protected by the device, had been on the wish lists. Devices these days come with the capability to inspect Secure Sockets Layer (SSL) based outgoing traffic, however there are some concerns enabling such kind of inspection. In this article we cover some basics of SSL, the challenges in inspecting SSL traffic, and also see how Check Point's HTTPS Inspection feature starting from R75.20 is able to inspect HTTPS traffic at the gateway. After reading this article you will know the pros and cons of enabling SSL inspection on a gateway.

Read further or download the entire document in PDF format below:
Inspecting HTTPS Traffic on Gateways