Setup HTTPS Inspection


Overview
Over the past couple of years, the internet has been changing in terms of security. The web is shifting towards HTTPS to deliver secure services to users. “The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data”. Authentication is based on the website's public key, which the client browser verifies using a trusted certificate authority. Users therefore know they are talking to the right website and that their data is safe.
Until 2010, only 20% of websites used the HTTPS protocol and the remaining 80% were on HTTP. This ratio started changing from 2010. For example, Google services, including Google Search, previously ran on HTTP; for security reasons, Google moved its services to HTTPS. This change in the web has posed challenges to security vendors and customers, but both are ready for a better web and better security.
HTTP traffic is transferred over the network as plain text, so it can be seen and filtered by any device in the middle. Security products perform malware detection and data leak prevention on HTTP traffic to keep users and organizations safe. HTTPS traffic, however, is encrypted: it cannot be seen or filtered without decryption, and decryption is possible only by trusted parties.
Decrypting HTTPS traffic for scanning is called HTTPS Inspection. If security products do not scan HTTPS traffic, users can upload confidential documents to Google Drive and share them wherever they want. Such users can also download a malicious file and spread it on the company network, which can severely affect organizational productivity. Much more can happen, so security experts always recommend using products with HTTPS inspection enabled for enhanced security.
Most older security products implemented before 2010, including SafeSquid NTLM editions, cannot scan HTTPS traffic. SafeSquid SWG was implemented in 2012 with HTTPS inspection support, and its HTTPS inspection performance has been continually improved with SSL context caching and session resumption techniques.
To perform HTTPS inspection, SafeSquid must have a trusted certificate authority (CA). You can use your enterprise CA as the SafeSquid CA, or you can generate a self-signed CA for your organisation using SafeSquid's Self Service Portal.

Client Scenario

The director of network security in a financial organization wants to protect the enterprise network from any external threats coming from the web in the form of malware. To accomplish this, the director appoints a Network administrator to make sure the computer network is up to date and operating as intended. The Network administrator needs to gain visibility into encrypted traffic that would otherwise be bypassed, and control access to malicious websites. The Network administrator should do the following:
Intercept and examine all the traffic, including SSL/TLS (encrypted traffic), coming in and going out of the enterprise network.
Bypass interception of requests to websites containing sensitive information, such as user financial information or emails.
Block access to harmful URLs identified as serving harmful or adult content.
Identify end users (employees) in the enterprise who are accessing malicious websites and block internet access for these users or block the harmful URLs.

Solution

To achieve all of the above, the Network administrator should set up a SafeSquid Secure Web Gateway (SWG) in the organization. The proxy server checks all the encrypted and unencrypted traffic passing through the enterprise network. It prompts for user authentication, and associates the traffic with a user. URL categories can be specified to block access to Illegal/Harmful, Adult, Malware and SPAM websites.

Benefits of HTTPS inspection

You can forbid the use of personal Google accounts for any Google application, such as Gmail, YouTube, etc.
You can permit users with bypass privilege to access Facebook in Read Only mode. Users are not allowed to make posts, share, play games, chat with other Facebook users, post on their timeline, or Like posts made by others.
You can enforce SafeSearch for users accessing Google Search, Yahoo Search, Bing Search, YouTube.
You can permit the use of Google SSO for login to web applications.
You can use Virus scanning for both HTTP and HTTPS sites.
You can forbid users from uploading files to any web site.

Configure the HTTPS inspection 

Setting up HTTPS inspection

Generate SSL (Self-Signed) certificates from self-service portal

You must generate an SSL certificate from the self-service portal before configuring HTTPS inspection.

Importing SafeSquid SSL certificate into your browser

When SafeSquid is installed in your network with HTTPS inspection enabled and the SafeSquid SSL certificate is not installed in the browser, you will get an error when accessing HTTPS websites. You must install the SafeSquid SSL certificate in your browsers.
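
The browser error described here, and the requirement above that the proxy have a trusted CA, can be reproduced offline with OpenSSL. The script below is an added example, not SafeSquid's own code or certificates: the names `proxy-ca`, `public-ca` and `www.example.test` are constructed, and `openssl verify` stands in for the browser's trust check.

```shell
#!/bin/sh
# Added example: every name, subject and file here is constructed, not SafeSquid's.
WORK=$(mktemp -d)
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

# make_ca NAME: create a self-signed CA as $WORK/NAME.key and $WORK/NAME.crt
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/ca.cnf" \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_leaf CA HOST: what an inspecting proxy does per site,
# i.e. mint a leaf certificate for HOST signed by its own CA
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$2" > "$WORK/$2.ext" &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 7 -extfile "$WORK/$2.ext" -out "$WORK/$2.crt" 2>/dev/null
}

# client_trusts TRUSTED_CA HOST: would a client whose trust store holds only
# TRUSTED_CA accept the leaf presented for HOST? Exit status 0 means accepted.
client_trusts() {
  openssl verify -CAfile "$WORK/$1.crt" -verify_hostname "$2" \
    "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca proxy-ca      # stands in for the CA the gateway signs with
make_ca public-ca     # stands in for a browser store without the proxy CA
issue_leaf proxy-ca www.example.test

client_trusts public-ca www.example.test \
  && echo "accepted" || echo "certificate error: proxy CA not imported"
client_trusts proxy-ca www.example.test \
  && echo "accepted once the proxy CA is in the trust store"
```

The CA private key can sign a certificate for any hostname, so it should stay on the gateway; only the `.crt` file is distributed to clients.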

Troubleshooting

See Also


