SSL Proxying

SECURE SOCKET LAYER (SSL) PROXYING

SSL is a cryptographic protocol used to provide security to communications between two internet endpoints, such as a web browser and a web server. However, it is vulnerable to attack through a number of vectors, ranging from user negligence, to administrator misconfiguration, to flaws in the protocol itself.

 

 

The Network Box SSL Proxy is designed to protect against these internal and external threats by decrypting secure connections on the way in, performing security analysis, then re-encrypting data on the way out.

 

Through security analysis of the SSL connection and the protocol data, the SSL Proxy can take responsibility for secure connections going through the gateway and apply organization-wide security policy on these secure communications.

 

 

The Network Box SSL Proxy has been developed with the ability to:

  • Move the choice of bypassing failed SSL server certificate validation away from the user, to the IT Manager. This prevents users from naively ignoring browser warnings and inadvertently connecting to potentially malicious sites.
  • Offload the decryption of secure connections onto the Network Box gateway device, which hosts an up-to-date SSL software stack. SSL connections over the internet, both incoming and outgoing, are upgraded to use the most secure settings possible, following the approach of highest common denominator security, rather than the lowest.

 

 

In addition, the Network Box SSL Proxy can pass the data from within the secure connections to the Web-Content or Application Control engines to perform scans for malicious content and apply administrator-configured security policies. These actions cannot be performed on SSL-encrypted connections without the Network Box SSL Proxy.

 

 

 

 

Key Features

Verification and protection of SSL traffic

Identification, decryption, encryption, certificate validation and protection of SSL network traffic.

Prevents users from bypassing failed certificates

Prevents end users from bypassing failed SSL certificates.

Uses highest common denominator externally

Uses the lowest denominator of security internally, but the highest common denominator externally.