HTTPS-SSL Inspection
Video Activity
Time
1 hour 35 minutes
Difficulty
Intermediate
CEU/CPE
2
Video Transcription
00:00
>> [MUSIC] This module,
00:00
we're going to discuss HTTPS SSL encrypted
00:00
traffic and how we inspect that with the SMB device.
00:00
We support both full and light SSL inspection.
00:00
SSL inspection allows us to inspect
00:00
traffic that is encrypted by the Secure Socket Layer.
00:00
Only HTTPS outbound inspection is supported.
00:00
All the hosts behind the gateway,
00:00
must install the gateway CA certificate.
00:00
You can see it here at the bottom of the slide.
00:00
The supported blades are
00:00
application control and URL filtering,
00:00
IPS, Anti-Virus, Anti-Bot and Threat Emulation.
00:00
HTTPS categorization allows us to filter
00:00
specified HTTPS URLs and
00:00
applications without activating SSL inspection.
00:00
It's simply based on the URL in the website's
00:00
certificate, so it basically means you can block
00:00
a web application without activating SSL inspection.
00:00
There is an escape for SSL inspection for
00:00
additional information on bypass policies.
00:00
By default, we're set up to bypass certain things,
00:00
we will see it later in the WebUI. We can
00:00
configure to use bypass based on specific networks,
00:00
and, of course, the predefined categories
00:00
such as health,
00:00
government, financial, and more.
00:00
If bypass is configured,
00:00
traffic will be categorized by light SSL.
00:00
Let's go ahead and see how we
00:00
can configure SSL inspection.
00:00
I'm going to go to Access Policy,
00:00
and here, I'm going to go to SSL inspection.
00:00
This is the default state,
00:00
I'm going to go ahead and change it
00:00
to SSL traffic inspection.
00:00
Here I can select which protocols I want to inspect,
00:00
which categories to bypass,
00:00
so by default I have health,
00:00
government and financial and tracking.
00:00
Do I want to enable inspect logs and bypass logs?
00:00
I'm going to select both and press 'Apply.'
00:00
As mentioned here, to fully deploy SSL inspection,
00:00
we need to download the certificate and
00:00
install it onto hosts behind the gateway.
00:00
Very easy, all you need to do is
00:00
to download the certificate.
00:00
In this case, it's going to ask me I'm going to do
00:00
keep and I have the certificate right here.
00:00
Now, I'm going to go to Internet options.
00:00
If I go to Contents, Certificates,
00:00
it can go all the way here to
00:00
trusted root certification authorities,
00:00
and I can import this new certificate.
00:00
Now my computer will trust
00:00
this unknown self-signed certificate.
00:00
Press "Yes" and "Okay".
00:00
This is the menu that controls
00:00
all the certificates that your host is trusting.
00:00
For example, if you open any website that uses SSL,
00:00
that website uses a certificate
00:00
that your computer trusts.
00:00
Why? Because the certificate is mentioned here.
00:00
Now I've opened a website here,
00:00
so I can go here, in this case,
00:00
cnn.com, and if I will go and check the certificate,
00:00
I can see that it's valid.
00:00
I don't get any warning messages or something,
00:00
let's go ahead and see the certificate.
00:00
This certificate was issued to this website,
00:00
but let's see who it was issued by: just a MAC address.
00:00
In this case, this certificate is
00:00
the one I have created through the SMB,
00:00
so SSL inspection is indeed in order.
00:00
Now if I go to logs and monitoring,
00:00
I can open up one of the entries here,
00:00
connection was inspected by HTTPS inspection.
00:00
That concludes the HTTPS SSL inspection module. [MUSIC]