Cisco Web Security Appliance S170 User Guide
Cisco IronPort AsyncOS 7.5.7 for Web User Guide
Chapter 12 Decryption Policies
• Drop
• Pass through
• Decrypt
All actions except Monitor are final actions the Web Proxy applies to a transaction. A final action is an
action that causes the Web Proxy to stop evaluating the transaction against other control settings.
Monitor is an intermediary action that indicates the Web Proxy should continue evaluating the
transaction against the other control settings to determine which final action to ultimately apply.
For example, if a Decryption Policy is configured to monitor invalid server certificates, the Web Proxy
makes no final decision on how to handle the HTTPS transaction if the server has an invalid certificate.
If a Decryption Policy is configured to block servers with a low web reputation score, then any request
to a server with a low reputation score is dropped without considering the URL category actions.
shows the order the Web Proxy uses when evaluating control settings for
Decryption Policies. Looking at the flow diagram, you can see that the only actions applied to a
transaction are the final actions listed above: Drop, Pass Through, and Decrypt.
Note
shows the order the Web Proxy uses when evaluating control settings for
Access Policies.
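The Monitor versus final action behavior described above can be modeled in a few lines. The Python below is an added example, not taken from this guide or from Cisco code. The evaluation order (certificate check, web reputation, URL category, default), the field names, and the reputation threshold are assumptions chosen to match the two cases in the text.

```python
# Added illustration: a simplified model, not Cisco's implementation.
from dataclasses import dataclass

FINAL_ACTIONS = {"drop", "pass_through", "decrypt"}  # Monitor is not final


@dataclass
class Transaction:          # constructed sample fields (hypothetical names)
    host: str
    cert_valid: bool
    reputation: float       # lower is worse; scale is an assumption
    url_category: str


def make_policy(invalid_cert_action, low_reputation_action,
                category_actions, default_action, low_reputation_below=-6.0):
    """Return ordered (name, check) pairs; each check yields an action or None."""
    return [
        ("invalid_certificate",
         lambda t: invalid_cert_action if not t.cert_valid else None),
        ("web_reputation",
         lambda t: low_reputation_action
         if t.reputation < low_reputation_below else None),
        ("url_category", lambda t: category_actions.get(t.url_category)),
        ("default", lambda t: default_action),
    ]


def evaluate(policy, txn):
    """Walk the settings in order; stop at the first final action."""
    trace = []
    for name, check in policy:
        action = check(txn)
        if action is None:
            continue                      # setting does not match
        trace.append((name, action))
        if action in FINAL_ACTIONS:
            return action, trace          # final: later settings never run
        # "monitor": keep evaluating the remaining settings
    raise ValueError("policy has no final default action")


# Constructed sample policy and transactions.
policy = make_policy("monitor", "drop", {"finance": "pass_through"}, "decrypt")
bad_cert = Transaction("a.example", False, 2.0, "finance")
low_rep = Transaction("b.example", True, -8.5, "finance")
print(evaluate(policy, bad_cert))
print(evaluate(policy, low_rep))
```

The returned trace shows which settings were consulted, which is the useful part when auditing why a transaction was dropped, passed through, or decrypted.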
Digital Cryptography Terms
To understand how encryption and decryption work, you need to understand a little bit about
cryptographic encoding techniques.
describes some terms used in cryptography that are
discussed in this chapter.
Table 12-1 Cryptography Terms and Definitions

| Term | Definition |
|---|---|
| Certificate authority | An entity which issues digital certificates for use by other parties. Certificate authorities are sometimes referred to as trusted third parties. Certificate authorities are typically commercial companies that charge for their services. However, some institutions and governments have their own certificate authorities, and some offer their services for free. |
| Cipher | An algorithm used for encoding and decoding text to make it unreadable to any system without the appropriate key. Ciphers work with keys to encode or decode text. |
| Ciphertext | Encoded text after a cipher has been applied to it. |
| Digital certificate | An electronic document that identifies and describes an organization that has been verified and signed by a trusted organization called a certificate authority. A digital certificate is similar in concept to an “identification card.” SSL uses certificates to authenticate servers. For more information about digital certificates, see |