HTTPS (HyperText Transfer Protocol Secure) secures transactions and other activity carried over the Internet through SSL (Secure Sockets Layer) encryption.
With HTTPS, the confidential data transmitted between the browser and the server is encrypted in both directions. However, that same encryption lets threats slip past your normal defences unseen.
When a user downloads a malicious file from a phishing email, assuming it to be harmless, the file opens an encrypted session to a Command and Control (C&C) server and the malware is downloaded instantly. The attack traffic in that session is encrypted as well, and in this way the malware bypasses network security.
Introduction to Secure Socket Layer Inspection
SSL inspection is the right solution for unlocking encrypted sessions, checking the encrypted packets, and identifying and blocking threats. It protects you from attacks carried over HTTPS and also from attacks carried over other SSL-encrypted protocols such as POP3S, SMTPS, IMAPS, and FTPS.
Growing Need of SSL Inspection
Staying ahead of attackers has been a major concern for enterprises as the use of secure web-based applications grows rapidly. Internal applications and cloud-delivered applications use SSL encryption, which converts plain text into an unreadable format to protect files, applications and transactions from attackers. Malware traffic that is encrypted in the same way escapes the security mechanisms. Inspection addresses this challenge: it plays a vital role in protecting data transmitted to and from websites during transactions, in email communications and in mobile apps. As the techniques used by attackers advance, the need for Secure Socket Layer inspection to stop attacks from hiding behind encryption is increasing exponentially.
Full SSL inspection
SSL encrypts the content transmitted by an HTTPS website; however, the encrypted content still has to be inspected to check that it is free of malware. This inspection is called Full SSL inspection or Deep inspection. The inspecting device imitates the receiver of the initial SSL session and then decrypts the content for inspection. Once the inspection is complete, the content is re-encrypted, a new SSL session is established by imitating the sender, and the re-encrypted content is sent on to the intended recipient.
Methods for full SSL inspection:
1. Multiple Clients connected to Multiple Servers
- Uses a CA certificate that is uploaded using the Certificate menu
- Typically used on outbound policies
- A website address can be white-listed and configured to bypass SSL inspection
2. Protecting SSL Server
- Uses a server certificate that is uploaded using the Certificate menu to protect a single server
- Used on inbound policies to protect servers externally through Virtual IPs
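As an added illustration (not Comodo's code or any product's configuration), the white-list bypass in method 1 can be modelled as a decision on the server name the client requests. The list entries, function names and port-to-protocol mapping are assumptions made for this example.

```python
# Added example: decide "inspect" vs "bypass" for an outbound SSL session
# from the server name the client asks for. All names are hypothetical.

# Constructed exemption list: exact hosts and "*." wildcard entries.
EXEMPT = ["payroll.example.com", "*.bank.example"]
# Protocols named on the page, keyed by their conventional ports (assumption).
INSPECTED_PORTS = {443: "HTTPS", 995: "POP3S", 465: "SMTPS",
                   993: "IMAPS", 990: "FTPS"}


def normalize(host):
    """Lower-case, drop trailing dots, and IDNA-encode the hostname."""
    host = host.strip().lower().rstrip(".")
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # malformed name: never eligible for bypass


def is_exempt(host, exempt=EXEMPT):
    """True only for an exact match or a wildcard match on a label boundary."""
    name = normalize(host) if host else None
    if not name:
        return False
    for entry in exempt:
        entry = entry.lower()
        if entry.startswith("*."):
            suffix = entry[1:]  # ".bank.example"
            # Covers "a.bank.example"; does not cover "bank.example",
            # "notbank.example" or "bank.example.evil.test".
            if name.endswith(suffix) and len(name) > len(suffix):
                return True
        elif name == entry:
            return True
    return False


def decide(server_name, port):
    """Return 'inspect', 'bypass' or 'not-ssl' for one outbound session."""
    if port not in INSPECTED_PORTS:
        return "not-ssl"
    # A missing server name gives nothing to match, so the session is inspected.
    return "bypass" if is_exempt(server_name) else "inspect"
```

Matching on whole labels rather than on substrings keeps a lookalike hostname from inheriting an exemption meant for a different site.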
How Comodo Takes SSL Inspection Software to a New Level
Comodo overcomes the following common mistakes
Incomplete validation and incomplete information about the validity of certificates are among the common mistakes we find in SSL-based inspection. Comodo goes a step further to take inspection to the next level. It works to mitigate the risks involved with SSL sniffing and also provides for validating system certificates. It is important that certificates are validated: the Comodo product ensures that they are, so that every client knows it is connected to a legitimate website. Contact us today to learn more.