HTTPS Content Inspection
HTTPS content inspection is the process in which the entire content transmitted over an SSL channel is scanned for malicious elements and checked against configured policies before the gateway allows or denies it to pass through and enter the network. Unlike Deep Packet Inspection (DPI), where each packet is inspected for malware, spyware, etc., in HTTPS content inspection the entire payload is scanned and verified as trustworthy before it is made available to the requesting party. HTTPS content inspection ensures that no harmful or inappropriate information enters the network, even if it was requested by an internal computer.
Servers Used in HTTPS Content Inspection
The two servers that play an important role in HTTPS content inspection are:
- Firewall/Proxy Server – This computer works as the ‘man-in-the-middle’ system that receives the encrypted content from the secured website, decrypts it, analyzes it and then re-encrypts it.
- Certification Authority Server – This server can be configured in the internal network, or the services of a trusted third-party CA can be used. An example of such a third-party CA is VeriSign. The CA generates the HTTPS inspection certificate that is used to sign the SSL certificates generated by the ‘man-in-the-middle’ system.
How HTTPS Content Inspection Works
The steps involved in the process of HTTPS content inspection are described below:
- The requesting computer sends a request for secure content to the HTTPS-enabled website, for example an internet banking site.
- The HTTPS site receives the request and responds to it by creating an SSL tunnel between itself and the requesting computer.
- After the SSL tunnel is created, the requested information is transmitted to the requesting computer through that tunnel.
- Since the request passes through the firewall/proxy server (the man-in-the-middle), the ‘man-in-the-middle’ machine receives the content for inspection.
- After receiving it, the firewall/proxy server verifies the received information for appropriate digital signatures against the configured policies.
- Assuming that the received information is found authentic, the ‘man-in-the-middle’ machine performs two tasks on the data:
  - It decrypts the data.
  - It scans the decrypted data for malicious elements or inappropriate information.
- Once the decrypted data has been scanned and found clean, the ‘man-in-the-middle’ computer performs the following tasks:
  - It uses the acquired certificate information to generate a new SSL certificate.
  - It signs the certificate with the Certificate Authority’s HTTPS inspection certificate.
  - It encrypts the decrypted and verified data using the generated and signed certificate.
  - It creates a new HTTPS connection to the requesting computer.
  - It transfers the encrypted information to the requesting computer.
Note: After the entire HTTPS inspection process is done and the information reaches the requesting computer, the requesting computer sees the information as if it had been sent from the ‘man-in-the-middle’ system and not from the original HTTPS site.
Points to Remember While Enabling HTTPS Content Inspection
Before enabling HTTPS content inspection in a network, security administrators should keep the following points in mind:
- Certification Authority Placement – Since the encrypted information from the HTTPS-enabled website is received by the ‘man-in-the-middle’ computer, the Certification Authority (CA) must be placed on that very server. Because it is advisable to dedicate a separate machine to the CA, security administrators can consider deploying a virtual machine and configuring the CA on that VM for efficient performance.
- HTTPS Inspection Trusted Root Certificate Deployment – Since a new HTTPS connection is created between the ‘man-in-the-middle’ system and the requesting client computer to transfer the inspected HTTPS content, the HTTPS inspection trusted root certificate must be deployed on all client computers in the internal network so that they trust the received information.
- Secure Socket Tunneling Protocol (SSTP) Servers Exclusion – Since HTTPS inspection does not support connections established to SSTP servers, such servers must be excluded from the HTTPS inspection process.