Integrated SSL Scanning
Page 1 Finjan proprietary and confidential
1. Introduction
The main role of Secure Socket Layer (SSL) is to provide security for Web
traffic. Security includes confidentiality, message integrity, and
authentication. SSL achieves these elements of security through the use
of cryptography, digital signatures, and certificates.
The Finjan Vital Security series is an enterprise solution which protects
users and organizations from Web attacks, including attacks traveling
inside encrypted HTTPS communication. The HTTPS functionality is
integrated into the Vital Security NG appliance, providing unified setup,
management, authentication and identification as well as the ability for
system administrators to set HTTPS policies.
The HTTPS scanning solution protects enterprise networks by decrypting
HTTPS traffic and inspecting it for viruses, worms and malicious code and
by providing encrypted Web attack protection, certificate validation and
content filtering.
Integrated HTTPS scanning is a license based feature which enables the
scanning server to be configured to support HTTPS. HTTPS configuration
can be carried out system wide or per Scanning Server.
In addition to the scanning solution for HTTP traffic, Finjan also provides
certificate validation functionality. This ensures that corporate policies
regarding certificates are enforced by automatically validating each
certificate and ensuring that the chain goes back to the trusted authority.
In this way, corporate policies are maintained while users are provided
with the benefit of being able to access SSL traffic.
2. HTTPS Scanning
When HTTPS scanning is enabled, the Vital Security Scanning Server
acts as a “man in the middle” meaning that the end-user requests the
server’s certificate from the Scanning Server, which fetches it from the
original web server. The Scanning Server then validates the certificate and
according to the security policy, sends it to the user or blocks it. This
transaction includes two sessions: one session between the client and the
Scanning Server and another session between the Scanning Server and
the original web server.
2.1 On the Fly Certificate Generation
When HTTPS Scanning is enabled, there are two HTTPS connections for
each session: a connection between the end-user and the Scanning
Server and a connection between the Scanning Server and the HTTPS
server. When the end-user first sends the request to the Scanning Server,
the Scanning server does not have the certificate of the original web
server, so it has to fetch the certificate before establishing the connection.
The Scanning Server fetches the certificate from the HTTPS server and
To Next Page
Loading...
Need help?
General
