An HTTPS filter is an Internet filter that not only checks requests to visit websites against its filtering parameters, but which also opens, reads, and scans the content of encrypted websites to ensure they are virus-free and comply with network acceptable use policies.
Many years ago, an HTTPS filter would have been considered unnecessary. The only conversations conducted over secure connections were online banking, the transfer of corporate data and certain email communications.
However, in recent years there has been a significant growth in the use of encryption, driven by the privacy policies of social media websites and enhanced rankings in Google´s Search Engine Results Pages (SERPS). More than half the world´s most visited websites are now encrypted.
Encrypted Websites are Not as Secure as they Once Were
Encrypted websites are supposed to be guaranteed as secure by an SSL Certificate. These are issued by Certification Authorities who are supposed to conduct a series of stringent checks to ensure website owners maintain a high standard of security.
Unfortunately standards have slipped. One Certification Authority is known to have issued more than a thousand SSL Certificates to fake websites with the word “PayPal” included in their URL, and it is possible to pick up an SSL Certificate for free with just a quick search on the Internet.
This means cybercriminals are also able to pick up SSL Certificates for free. Consequently, the https:// prefix and padlock symbol are no longer signs that a website is legitimate. There is just as much risk of a malware infection from a “secure” site as there is from a site without an SSL Certificate.
How an HTTPS Filter Works
Each time a network user clicks on a link or types in a URL, the HTTPS filter checks the request to visit a website against blacklists of websites known to harbor malware and IP address from which spam emails are known to have originated – the latter process being a guard against users visiting phishing websites.
If the requested website passes the first line of defense, checks are made against the software´s category filters to ensure the nature of the website does not contravene administrator-controlled acceptable use policies. More than six billion web pages are sorted into fifty-three categories such as abortion, adult entertainment, alternative beliefs, alcohol, etc. for quick and easy filtering.
Once a request to a website has passed through the category filters, the content of the website is then inspected and scanned before being delivered to the network user – provided it is virus-free and complies with any other administrator-controlled acceptable use policies implemented at the keyword filtering stage of the process.
Latency can be an Issue with an HTTPS Filter
The process of decrypting, inspecting, scanning and re-encrypting secure websites uses a lot of CPU resources. During periods of peak Internet activity, the process can cause delays in Internet speeds and the temporary unavailability of web-based applications such as email.
The order in which an HTTPS filter conducts its checks goes some way towards mitigating the issue of latency, but network administrators can eliminate the issue altogether by using the filter´s whitelisting feature – a feature that allows trusted websites to bypass the filtering mechanisms.
By removing the most frequently-visited, trusted websites from the filtering process, the filter has fewer website requests to check, network performance is improved and network users benefit from a filtered Internet service with imperceptible latency. Network performance can be further improved by limiting bandwidth use per device during peak times to reduce the demand on CPU resources.
Try a WebTitan Filter for Free
Implementing an HTTPS filter has multiple advantages. Whereas Internet filters without SSL inspection allow all requests to visit encrypted websites – because they cannot read their content and find nothing wrong with them – network administrators can be assured acceptable use policies are being adhered to with a HTTPS filter.
This means that employees can be prevented from visiting non-work related websites, students are protected from accessing age-inappropriate online material, and users of publicly-accessible are unable to openly view online material that other network users may find offensive. This is in addition to protecting networks, network users and their devices from the threats of malware and phishing.
If you have never experienced the advantages of an HTTPS filter, and would like to try one for free, we are inviting network administrators to contact us and request a free trial of the WebTitan HTTPS filter which most suits your needs. WebTitan HTTPS filters are available with three deployment options:
- WebTitan Gateway is a software-based HTTPS filter that is deployed behind the network´s firewall and is scalable up to 6,000 users.
- WebTitan Cloud is a universally compatible DNS filter that takes just twenty minutes to set up and configure.
- WebTitan Cloud for WiFi has been especially designed to protect wireless networks and BYOD networks from malware.
To find out more about the opportunity to try a WebTitan filter with SSL inspection for free, do not hesitate to get in touch. Our Sales Technicians will be happy to answer your questions, guide you through the process of registering for your free trial and help you find the optimum settings for your WebTitan filter in order to protect your network from web-borne threats hidden in encrypted websites.