The recent Heartbleed vulnerability in SSL received significant media coverage. But what exactly is SSL? And why does your business need to think about how to manage SSL web traffic? CBR picked the brains of Charles Sweeney, CEO, Bloxx, to find out.
In simple terms, SSL creates a secure tunnel for Web traffic to be transmitted between the Web browser on an endpoint and a Web server.
This tunnel ensures that communication remains secure and prevents unauthorised eavesdropping of the information being sent and received. The simplicity of SSL has made it the de facto choice for secure Web-based transactions such as ecommerce sites and online banking. SSL traffic has grown dramatically and in some sectors, SSL traffic now accounts for 75% of overall Web traffic.
With the implementation of SSL now extending to other applications such as Web mail, what do you need to know to ensure that it remains a ‘secure line’ for your business? Charles Sweeney, CEO, Bloxx offers his top five considerations:
1. It’s not enough to assume that because the traffic is encrypted it is harmless. In many organisations, SSL traffic passes freely in and out of the network, yet not all traffic encrypted with SSL is benign. The content may be inappropriate or contain malware threats that could harm an organisation’s network and endpoint devices, impact user productivity or see a company fall victim to a cyber attack.
2. Whilst SSL has evolved and cyber criminals have become more sophisticated in how they target it, many companies are still applying old world thinking to how they monitor and manage SSL traffic. For example, they may have implemented a gateway level URL content filter to proactively control the content that users are allowed to view. This provides protection against HTTP Web traffic, but because the Web filter can only check the top level domain or the IP address of an SSL request, then creating a granular filtering policy is impossible.
3. Another approach to managing SSL traffic is to deploy a Web filter that uses SSL certificate filtering. This takes advantage of the SSL certificate deployed on the Web server and allows the Web filter to obtain the URL being requested. However, there are a number of limitations to this approach. These include the fact that the user only receives a "page cannot be displayed" error and so will be unsure if this is due to a filtering policy restriction or a network, browser or Web server error; filtering relies only on the URL being requested and not the page content; and malicious content such as malware cannot be identified.
4. To ensure that no digital nasties slip through the net, SSL Web traffic needs to be proactively managed. One effective way to deliver this capability is to deploy a Web filter or Secure Web Gateway that is able to intercept, decrypt and inspect the SSL traffic in real-time. To achieve this, the Web filter creates a secure connection between the client browser and the Web filter, and decrypts the SSL traffic into plain text. Then, after being analysed the traffic is re-encrypted and another secure connection is created between the Web filter and the Web server. This means that the Web filter is effectively acting like an SSL proxy server and so can both intercept the outbound SSL connection and inspect the inbound content for inappropriate content or malware.
5. Because SSL can often be associated with sensitive or confidential traffic, make sure that the Web filter you select can be easily configured to not decrypt traffic such as online banking. This capability ensures that users will be less concerned about SSL Web traffic being inspected. On that same note, make sure that your users are aware that SSL Web traffic is being inspected and that your Acceptable Use Policy is updated to cover this.