Integrated SSL Scanning
Page 1 Finjan proprietary and confidential
1. Introduction
The purpose of the Secure Socket Layer (SSL) is to provide security for
the transmission of data over the Internet. Security includes confidentiality,
message integrity, and authentication. SSL achieves these elements of
security through the use of cryptography, digital signatures, and
certificates.
The Finjan Vital Security series is an enterprise solution that protects
users and organizations from Web attacks, including attacks concealed in
encrypted HTTPS communication. The HTTPS functionality is integrated
into the Vital Security NG appliance, providing unified setup, management,
authentication and identification, and the ability for system administrators
to set HTTPS policies.
The HTTPS scanning solution protects enterprise networks by decrypting
HTTPS traffic and inspecting it for viruses, worms, and malicious code. It
also provides encrypted Web attack protection, certificate validation, and
content filtering.
Integrated HTTPS scanning is a license-based feature that enables the
scanning server to be configured to support HTTPS. HTTPS configuration
can be carried out system-wide or per Scanning Server.
In addition to the scanning solution for HTTP traffic, Finjan also provides
certificate validation functionality. This ensures that corporate policies
regarding certificates are enforced by automatically validating each
certificate and ensuring that the chain returns to the trusted authority. In
this way, corporate policies are maintained, while users are provided with
the benefit of being able to access SSL traffic.
2. HTTPS Scanning
When HTTPS scanning is enabled, Vital Security Scanning Server serves
as an intermediary, acting both as an HTTPS server replying to the end-
user requests, and as an HTTPS client requesting the original HTTPS
server for the content on behalf of the end-user. When the end-user
requests the server’s certificate from the Scanning Server, the Scanning
Server retrieves the certificate from the original Web server. The Scanning
Server then validates the certificate and, according to the security policy,
sends it to the user or blocks it. This transaction includes two sessions,
one between the client and the Scanning Server, and another between the
Scanning Server and the original Web server.
2.1 On-the-Fly Certificate Generation
When HTTPS Scanning is enabled, there are two HTTPS connections for
each session:
To Next Page
Loading...
Need help?
General
