6 Things You Should Know About Filtering SSL
SSL — it’s the acronym on everyone’s lips. In the past year alone, HTTPS and its rapid adoption by major providers have changed the web filtering game significantly. Here are some key points that school IT departments need to know in order to adapt.
- SSL makes the Web as secure as a banking session.
Until recently, relatively few websites used exclusively HTTPS. Most of these were sites that necessitated financial transactions — like banks and online shopping sites — where the consequences of compromised security would be severe. Now sites like Google and Yahoo are moving to HTTPS, so commonplace online activities are occurring over encrypted connections.
- Blocking SSL sites will keep your users from some of their most-frequented websites.
Unfortunately, dealing with SSL is probably not as easy as blocking it altogether. Imagine your school network’s users not being able to perform a simple Google search, open a Google Doc, visit Khan Academy, or watch a YouTube video clip. Blocking SSL traffic will inevitably keep teachers from the websites they rely on for instruction, and block students from the best digital resources for learning.
- A smart SSL filter is more important than ever.
Google is blazing a trail by switching to HTTPS, and it’s not just leading by example: Google has openly campaigned for websites to make the move to HTTPS, dangling the prospect of improved Google search ranking for those who switch. HTTPS is now a “lightweight signal” in Google’s search ranking algorithm, and the company says it may “strengthen” the signal over time. Expect many more websites to jump on the SSL bandwagon in light of this news.
- Decoding SSL is not enough to keep students safe.
Decoding SSL inspects SSL certificates and SNIs, controlling access through block/allow lists — great, right? Except decoding SSL still leaves IT without critical information for protecting students. When SSL is decoded, administrators can see any domains that have been accessed, but not the full URL details. For instance, if a student searches for adult material on Google and locates an explicit YouTube video, an administrator will merely see “google.com*” and “youtube.com*” in reports.
- The only way to decrypt SSL is with an tmitmproxy.
For school networks to decrypt SSL, they must have a Trusted Man in the Middle proxy, or tmitmproxy. An tmitmproxy allows a web filter to be trusted by devices on a school network to continue to see the encrypted data. If you have Lightspeed’s Web Filter, support can work with you directly to configure your tmitmproxy.
- Lightspeed Web Filter is the most powerful solution for handling SSL traffic.
Lightspeed Systems Web Filter has the most powerful controls for filtering and reporting SSL. The latest version (2.10) enables easy distribution of SSL certificates and real-time SSL decryption without PAC files, plus dozens of other new, improved features. Learn more about the Lightspeed Systems Web Filter here.
Want to know more about SSL? Download our new whitepaper here.