Fully authorized
One method is to leverage the fully authorized device, complete the end and then re-restart the structure of an application. This method requires only authorized proxy applications to use SSL. As soon as the authorized device fully supports SSL endpoints and re-start and application layer, then it will access unencrypted content.
While the content is not encrypted, the authorized device can fully perform security checks on the data or it can send a copy of the unencrypted data to a secure application. Let this app do the search.
Authorized devices also often require that the client need to be configured to know the device and have direct connection to the usage of the device-related applications. However, this requires permanent management. This also means that a client can be configured to not take advantage of the device.
SSL Proxy is clear
Another alternative is to use a transparent, transparent SSL Proxy in connection with existing security applications that are deployed in the local network. A SSL Proxy obviously does not need to understand or be able to handle application layer protocols and this Proxy is optimized for limiting and reorganizing the SSL protocol layer.
In addition, this Proxy is deployed at a point in the network, where all the traffic of commonly used applications will be displayed. It will help detect all SSL traffic, thoroughly examine the packets, and be able to decrypt and re-encrypt the traffic so that you can access encrypted traffic. These traffic is then packaged into a 'generated' TCP stream and sent to one or more security applications available in the network.
Once security applications receive unencrypted traffic, they will do their job and detect if there is any threat or data leak. If the security application is a filtering device, such as IPS, it will remove malicious traffic, and SSL Proxy will rediscover the traffic and remove the corresponding SSL stream.
If the security application is IDS or a Network Forensics device, the application will generate reports of detected threats in unencrypted traffic.
Because traffic does not need to be sent explicitly to Proxy, these Proxies do not require client configuration. In addition, since they do not end and rearrange application-layer protocols, they do not need delay time and can operate at high speeds.
Because proxies do not require the use of security applications on an enterprise network, they do not make it difficult to operate and they do not require changes in the network or client configuration.
As the amount of encrypted data traffic continues to increase, businesses need to find ways to make sure that the security applications installed do not become useless by SSL traffic. Proxies are obviously the best solution in facing the risks from malicious code hidden inside SSL traffic.