Ironically, SSL encryption also poses a security and productivity concern for enterprises and schools since this traffic is generally invisible to secure web gateways. When the gateway cannot see this traffic, hackers may spread malware, users can bypass corporate Internet usage policies, and kids can be exposed to unsafe and inappropriate Internet content.
Regulating SSL-encrypted traffic requires the web gateway to act as a web proxy and ‘inspect’ or ‘scan’ the traffic by decrypting and re-encrypting the transactions. Traditional firewalls, ‘pass-by’ web security gateways that only inspect the web traffic off a SPAN or mirror port, and Unified Threat Management devices (UTMs) struggle with this because of the complexity and processing resources required to scan SSL traffic.
Barracuda Solves this Challenge
The Barracuda Web Security Gateway content security appliance takes a layered approach to SSL regulation.
- For basic policy management, the appliance blocks HTTPS web requests at Layer 3 by monitoring DNS responses generated by these requests and constructing an internal database that maps IP addresses to domain names. With this approach, the appliance can enforce domain-level access policies on SSL-encrypted web requests without scanning the content. This technique ensures complete data security since it does not decrypt and re-encrypt the content.
- For more granular policy management and malware protection, Barracuda Web Security Gateways can scan or inspect SSL traffic by acting as a secure intermediary for SSL traffic between the client browser and the web server. This content is decrypted and inspected to enforce usage policies, as well as scanned for viruses and malware. After processing, the traffic is re-encrypted and routed to the proper destination.
SSL inspection is also available on Barracuda Next-Generation Firewalls. These powerful application-aware firewalls enable administrators to apply granular access control, bandwidth shaping, and WAN optimization policies to SSL-encrypted web traffic.
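The DNS-based technique in the first bullet, as an added Python illustration (not Barracuda's implementation): it parses A records out of DNS responses, keeps an IP-to-domain map with TTL expiry, and returns a Layer 3 verdict for a destination address. The function names, sample domains and the allow-by-default fallback for unmapped addresses are assumptions of this sketch; it also reports allowed domains that share an address with a blocked one.

```python
import ipaddress
import struct

def read_name(msg, off):
    """Decode the DNS name at off, following compression pointers; return (name, next_off)."""
    labels, end = [], None
    for _ in range(256):                              # bounded walk: pointer loops terminate
        n = msg[off]
        if n & 0xC0 == 0xC0:                          # pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                                  # root label ends the name
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("compression pointer loop")

def a_records(msg):
    """Yield (queried_name, ipv4, ttl) per A record; the queried name is kept across CNAMEs."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg)
    if not flags & 0x8000 or qd != 1:                 # only responses with one question
        return
    qname, off = read_name(msg, 12)
    off += 4                                          # skip QTYPE and QCLASS
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == 1 and rdlen == 4:
            yield qname, str(ipaddress.IPv4Address(msg[off + 10:off + 14])), ttl
        off += 10 + rdlen

def observe(seen, msg, now):
    try:
        for name, ip, ttl in list(a_records(msg)):
            seen.setdefault(ip, {})[name] = now + ttl  # ip -> {domain: expiry}
    except (IndexError, struct.error, ValueError):     # malformed packet: learn nothing
        pass

def decide(seen, dst_ip, blocked, now):
    """Return (verdict, allowed domains on the same IP that a block would also cut off)."""
    names = {d for d, exp in seen.get(dst_ip, {}).items() if exp > now}
    hit = {n for n in names if any(n == b or n.endswith("." + b) for b in blocked)}
    return ("block" if hit else "allow"), sorted(names - hit)

def sample_response(name, ip, ttl=60):  # constructed packet: one question, one A answer
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    return (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0) + q
            + struct.pack("!5HIH", 1, 1, 0xC00C, 1, 1, ttl, 4) + ipaddress.IPv4Address(ip).packed)
```

A non-empty second element on a "block" verdict marks shared hosting, where an address-level block also cuts off domains the policy allows.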
Decrypting and re-encrypting traffic for SSL inspection is generally a performance-intensive operation. Barracuda solutions make it easy to minimize performance overhead by allowing administrators to apply SSL inspection to specific domains, content categories, and users or groups.
Barracuda security solutions provide comprehensive protection and visibility across all aspects of web traffic. SSL inspection combined with granular policy management allows organizations to securely leverage Internet-based applications and web content without impacting network performance or compromising security.
- Barracuda Web Security Gateway 610, 810, 910, 1010, 1011 and Barracuda Web Security Gateway 610 Vx virtual edition