Enterprise Security Solutions | Network Security Consultants - http://www.net-ctrl.co.uk
Eliminating Your SSL Blindspot: The Solution to Managing and Securing HTTPS Traffic
http://www.net-ctrl.co.uk/articles/36/1/Eliminating-Your-SSL-Blindspot-The-Solution-to-Managing-and-Securing-HTTPS-Traffic/Page1.html
By Super Admin
Published on 21/10/2008
 
Web encryption is indispensable for today’s businesses, but organizations with an open port 443 (HTTPS tunnel) on their firewall are left with a major security hole wide open in their network. Traditional firewalls and gateway anti-virus solutions are unable to scan encrypted traffic, and therefore can provide no control over what content is sent in and out of organizations’ networks via HTTPS.

This presents risks to organizations that may not realize they cannot rely on their HTTP filters to protect HTTPS encrypted traffic. Risk also exists with regulatory compliance. Can an organization be compliant if they allow open SSL tunnels which could contain the very confidential information the regulations seek to control?

Moreover, hackers and malicious employees alike know that traffic passing through HTTPS tunnels under the cloak of encryption is wide open and unprotected. They therefore use, and will continue to exploit, the HTTPS protocol to bypass content control mechanisms and circulate potentially malicious content.

This white paper discusses how HTTPS filtering (SSL scanning) provides companies with the means to counter these risks by fully extending their existing Internet usage policies to HTTPS traffic, thereby proactively closing that last known major network security hole.