Articles Articles Most Popular Articles Most Popular Articles Most Helpful Articles Most Helpful Articles
Advanced Search
DrillDown Icon Table of Contents
DrillDown Icon What's New
DrillDown Icon Knowledge Base Information
DrillDown Icon Cyberoam UTM
DrillDown Icon Product Literature
DrillDown Icon Best Practices & Policies
DrillDown Icon Protect Your Cyberoam Appliances from Power Fluctuations
DrillDown Icon Version 10.x
DrillDown Icon Visio Stencils
DrillDown Icon Glossary
DrillDown Icon Product Technical Support
DrillDown Icon Compatibility
DrillDown Icon Cyberoam Virtual UTM
DrillDown Icon Endpoint Data Protection
DrillDown Icon Cyberoam SSL VPN
DrillDown Icon Cyberoam iView
DrillDown Icon Cyberoam Central Console
DrillDown Icon Cyberoam's On-Cloud Management Service
  Email This ArticlePrintPrint Current Article and All Sub-Articles
Rate Icon Rate Icon Rate Icon Rate Icon Rate Icon
 
Filtering HTTP over SSL connections

 

Web traffic has posed one of the biggest security issues. And to overcome this, URL filtering solutions are used. Filtering solution screens an incoming web page, checks the page against the set of rules and policies to determine whether the page access is to be allowed or not.  

Filtering solutions detect and block HTTP communication as per web filtering policies but because enterprises keep port 443 (HTTPS) open, filtering policy cannot be applied when user visits secure (HTTPS) sites as content is encrypted.

Hence the primary circumvention method used to evade these carefully crafted web filtering policies, is the use of HTTPS connections. Clearly, HTTPS connections pose a serious threat as it provides employees with an easy way to avoid the enterprise’s Internet Usage policy to conceal their activities.

Using Secure Proxy is the easiest way to make use of HTTPS connection. To use proxy, user simply points his browser to the HTTPS proxy web site and makes a request to access the destination (blocked) site to proxy. HTTPS proxy initiates its own request as opposed to actually passing the user’s request. It fetches the page on behalf of the user and responds back to the user as if it was the destination. This way user and the destination (blocked) site never actually interact directly.  As HTTPS proxy returns the encrypted content directly to the user, gateway only sees the SSL encrypted traffic. URL filtering solution cannot sniff in the encrypted traffic to determine the correct URL making filtering policies ineffective.

How does Cyberoam solve this problem?

Cyberaom approach includes SSL certificate inspection along with the filtering policies to control SSL traffic.

Cyberoam parses SSL handshake (SSLv2, SSLv3, and TLS) and extracts “Common Name” (CN) from the certificate. It applies control filters on common name. Based on the outcome of filters, user is either served the page or the connection is terminated.

Apart from secure proxies, client-based proxies, HTTP proxies and open proxies are also used to evade filtering policies. Cyberoam filters the usage of these proxies with the help of its keyword and URL filtering techniques as well as Signature based detection technique.

Additionally, to control rogue employees, SSL traffic filtering can applied on individual user or group of users, single URL, group of URLs or entire URL category.

 

 

 

 

Document version -1.0-10/07/2008
Attachments
File Icon Filtering HTTP over SSL connections.pdf
Article ID: 971
   Copyright © 2013 Cyberoam Technologies Pvt. Ltd.
All rights reserved.		 Knowledge Base Software
Powered By: NovoSolutions, Inc.