New version of SmoothWall Guardian incorporates SSL Interception to control and monitor encrypted traffic

(10/04/2009)

The problem with SSL is that despite the certificate system, not all sites that use the protocol can be automatically trusted. Organisations can end up in a tricky position if critical data is compromised via webmail accounts – or if an employee does or says something they shouldn’t using an encrypted proxy network or a secure IM client like GoogleTalk. More risks lie in the fact that standard security solutions rarely work on encrypted traffic - so viruses can use SSL to worm their way into networks undetected. By travelling into networks via the same secure tunnels that are used for online banking, malware and other web nasties are rendered virtually invisible and can effectively sidestep security by disguising themselves as ‘trusted’ traffic.

According to Netcraft, in the last year the number of websites using SSL encryption has risen by nearly 40% and now totals well over two million. In addition to the obvious applications (i.e. online retail, banking and gambling) SSL encryption is now being increasingly used for online web logins (Hotmail and gmail) charity donations and other payment gateway services. Some anonymous proxies also rely on SSL to keep surfing sessions secret.

SmoothWall have raised the bar on SSL security this month with a new version of their Guardian web filter. Their key feature for 2009 is SSL Interception, which allows organisations to control and monitor encrypted traffic.

Tom Newton, Product Manager at SmoothWall says “Because SSL has traditionally been beyond the reach of network security systems like content filters; it has become a serious security blind spot. A much higher proportion of network traffic is now encrypted, and so SSL filtering is now an indisputably crucial component of network control.”

SSL Interception allows SSL traffic to be decrypted so it can be analysed and the content checked for viruses and other undesirable material. One of the reasons it is rarely found in standard security systems is because of the processor-intensive calculations and algorithms required. Fortunately though, vendors like SmoothWall are now finding ways to incorporate SSL control – without impacting performance.

SSL Interception is also an important weapon for the IT department in the ongoing fight against proxy abuse in the workplace. As more organisations embrace the productivity benefits of filtering, an equal number of their employees are learning how to use proxy tools to bypass filters so they can access their cherished Facebook accounts. Many of these ‘bypass’ tools rely on SSL encryption for secret browsing and SSL Interception is the only way to accurately detect and block these technologies.

As Stewart Allen, an independent analyst and consultant explains, “Being able to see the Internet traffic flows in an unencrypted format strengthens anti-malware defences. SmoothWall's new SSL Intercept feature helps IT departments protect their networks from the underbelly of the Internet. ”

The latest version of Guardian also benefits from customisable search term blocking and a dramatically improved range of reports including site-specific reporting. Existing users will get the new functionality via a feature pack download.

Related topics:  Encryption   Internet and Web security   Mobile and Wireless Security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources