Internet security product firm SmoothWall has a new version of their Guardian web filter. Their key feature for 2009 is SSL Interception, which allows organisations to control and monitor encrypted traffic.
According to Netcraft, in the last year the number of websites using SSL encryption has risen by nearly 40pc and now totals well over two million. In addition to the applications in online retail, banking and gambling, SSL encryption is now being increasingly used for online web logins (Hotmail and gmail) charity donations and other payment gateway services. Some anonymous proxies also rely on SSL to keep surfing sessions secret.
The problem with SSL is that despite the certificate system, not all sites that use the protocol can be automatically trusted. Organisations can end up in a tricky position if critical data is compromised via webmail accounts – or if an employee does or says something they shouldn’t using an encrypted proxy network or a secure IM client like GoogleTalk. More risks lie in the fact that standard security solutions rarely work on encrypted traffic – so viruses can use SSL to worm their way into networks undetected. By travelling into networks via the same secure tunnels that are used for online banking, malware and other web nasties are rendered virtually invisible and can sidestep security by disguising themselves as ‘trusted’ traffic.
Tom Newton, Product Manager at SmoothWall says “Because SSL has traditionally been beyond the reach of network security systems like content filters; it has become a serious security blind spot. A much higher proportion of network traffic is now encrypted, and so SSL filtering is now an indisputably crucial component of network control.”
SSL Interception allows SSL traffic to be decrypted so it can be analysed and the content checked for viruses and other undesirable material. One of the reasons it is rarely found in standard security systems is because of the processor-intensive calculations and algorithms required. Vendors like SmoothWall are now finding ways to incorporate SSL control – without impacting performance.
SSL Interception is also a weapon for the IT department in the ongoing fight against proxy abuse in the workplace. As more organisations embrace the productivity benefits of filtering, an equal number of their employees are learning how to use proxy tools to bypass filters so they can access their cherished Facebook accounts. Many of these ‘bypass’ tools rely on SSL encryption for secret browsing and SSL Interception is a way to accurately detect and block these technologies.
Stewart Allen, an independent analyst and consultant says, “Being able to see the Internet traffic flows in an unencrypted format strengthens anti-malware defences. SmoothWall’s new SSL Intercept feature helps IT departments protect their networks from the underbelly of the Internet. ”
Due for release at the end of March, the latest version of Guardian has customisable search term blocking and a range of reports including site-specific reporting. Existing users will get the new functionality via a feature pack download. For more information visit –
