Руководство Пользователя для Cisco Cisco Web Security Appliance S170
A-1
Cisco IronPort AsyncOS 7.7 for Web User Guide
A P P E N D I X
A
HTTPS Reference
This appendix contains the following sections:
•
•
•
Overview of HTTPS
HTTPS is a web protocol that acts as a secure form of HTTP. HTTPS encrypts HTTP requests and
responses before they are sent across the network. Common thinking is that any connection to a site
using HTTPS is “safe.” HTTPS connections are secure, not safe, and they do not discriminate against
malicious or compromised servers. HTTPS is a secure way to complete legitimate transactions, but more
dangerously, it is a secure way to download malware which can infect your network.
responses before they are sent across the network. Common thinking is that any connection to a site
using HTTPS is “safe.” HTTPS connections are secure, not safe, and they do not discriminate against
malicious or compromised servers. HTTPS is a secure way to complete legitimate transactions, but more
dangerously, it is a secure way to download malware which can infect your network.
Not being able to inspect HTTPS traffic makes the network vulnerable to the following risks:
•
Secure site hosting malware. Spammers and phishers can create legitimate looking websites that
are only reachable through an HTTPS connection. Some users may mistakenly trust the web server
because it requires an HTTPS connection, resulting in intentional and unintentional downloaded
malware.
are only reachable through an HTTPS connection. Some users may mistakenly trust the web server
because it requires an HTTPS connection, resulting in intentional and unintentional downloaded
malware.
•
Malware from HTTPS web applications. Some malware can infect the network from legitimate
web applications, such as secure email clients, by downloading attachments.
web applications, such as secure email clients, by downloading attachments.
•
Secure anonymizing proxy. Some web servers offer a proxy service over an HTTPS connection that
allows users to circumvent acceptable use policies. When users on the network use a secure proxy
server outside the network, they can access any website, regardless of its web reputation or malware
content.
allows users to circumvent acceptable use policies. When users on the network use a secure proxy
server outside the network, they can access any website, regardless of its web reputation or malware
content.
The appliance uses both a URL filtering engine and Web Reputation Filters to make intelligent decisions
about when to decrypt HTTPS connections. With this combination, administrators and end users are not
forced to make a trade-off between privacy and security.
about when to decrypt HTTPS connections. With this combination, administrators and end users are not
forced to make a trade-off between privacy and security.
You can define HTTPS policies that determine if an HTTPS connection can proceed without examination
or whether the appliance should act as an intermediary, decrypting the data passing each way and
applying Access Policies to the data as if it were a plaintext HTTP transaction.
or whether the appliance should act as an intermediary, decrypting the data passing each way and
applying Access Policies to the data as if it were a plaintext HTTP transaction.
To configure the appliance to handle HTTPS requests, you must perform the following tasks:
1.
Enable the HTTPS Proxy. To monitor and decrypt HTTPS traffic, you must first enable the HTTPS
Proxy. For more information, see
Proxy. For more information, see
.