Shulou(Shulou.com)06/01 Report--

As we all know, SSL encrypted communication data, such as https,pops, imaps, smtps, because of asymmetric encryption in the communication process, the data is transmitted in ciphertext; as a result, network monitoring can not directly monitor its content, nor can it deeply filter the information in the content. As a professional online behavior management system, WFilter NGF has added a "SSL monitoring module" in the latest version. The SSL monitoring module can act as a middleman of SSL to intercept certificates so as to parse the data content encrypted by SSL. With this module, the following can be achieved:

Record the page content and post content of the https website.

In-depth filtering of visits to https sites, such as prohibiting the download file format of https sites, prohibiting uploading attachments on https pages, and so on.

Record the email contents of pops, imaps and smtps.

Deeply filter emails from pops, imaps and smtps, such as setting up a blacklist and whitelist for sending and receiving emails, forbidding attachments, and so on.

In this example, I will demonstrate its basic use in conjunction with the module of "SSL Monitoring".

1. Basic principles of SSL monitoring

The basic principle of SSL monitoring is to act as a middleman to replace the certificate of the server, thus parsing the communication between the client and the server. Because most browsers do certificate checking, such as IE browsers, this prompt appears when a middleman is detected:

This prompt no longer appears when you import the CA certificate on the client. Therefore, when SSL monitoring is enabled, it is generally recommended to import the "CA certificate" in "SSL Monitoring" on the client. The vast majority of mail clients do not check certificates, so certificates can not be imported when only monitoring SSL messages (pops, imaps, smtps).

two。 Configure SSL monitoring policy

As shown in the figure below, you can enable SSL monitoring for the corresponding client. You can monitor all SSL or only SSL access of certain domain names / IP.

3. Internet content recording and SSL content deep filtering

After SSL monitoring is enabled, https website content and SSL email content can be monitored in the "Internet record module". As shown in the figure:

At the same time, the options in "Web filtering" and "email filtering" can also filter SSL sites. For more configuration information, please refer to: SSL Monitoring Module

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.