Web Filter – How Lightspeed Systems handles SSL traffic

Library > Teacher U
What You’ll Learn
  • How SSL traffic works
  • How the Lightspeed Systems Web Filter processes it
Introduction

SSL traffic can complicate web filtering, because by its nature it is encrypted, so the packets aren’t readable. The Lightspeed Systems Web Filter provides various options for dealing with SSL, encrypted, HTTPS traffic.

Let’s Learn

First, let’s start with a detailed explanation of the nature of SSL (https) traffic and how we handle it.

By design SSL traffic is fully encrypted. This encryption detects any attempt to decrypt this traffic between the user machine and the server and if any is found it will shutdown the connection. This is a good thing because we all rely on the safety on encrypted transactions every day. Without this safety we would not be able to do things like online banking and online shopping.

What this means from a filtering perspective is that the data in the packets including the full URL is not readable. This does not mean that the Lightspeed Systems Web Filter cannot properly filter SSL (https) traffic; however, this does mean that this traffic is handled differently.

At a minimum during the https handshake phase, the domain name of the host server is shared as part of the SSL certificate. For the majority of websites this provides appropriate policy decisions.

With modern browsers and operating systems the filter not only receives the domain’s name (e.g., .google.com) but also the specific host (e.g., mail.google.com). This allows web filters to make differentiated decisions on host names where multiple services are provided within a single domain. (This ability is very important for appropriate policy decisions with, for example, Google websites.)

These two options are enabled by using the SSL Decoder option in the Web Filter.

If you desire full URL detail for SSL sessions, the Lightspeed Systems Web Filter can also provide this capability through the use of an SSL proxy. When an SSL proxy is used the proxy server becomes a trusted man in the middle. Because the proxy server is trusted it is allowed to decrypt the data portion of the packet and allows the web filter to make decisions in exactly the same way that non encrypted traffic is analyzed.

Conclusion

The use and capabilities of these various SSL options are dictated by the design of SSL and the Lightspeed Systems Web Filter fully supports all of these options.

Take the quiz!

You need to be registered and logged in to take this quiz. Log in or Register