Skip to content Skip to main navigation Skip to footer

Tag: ssl certificate

The Importance of SSL Inspection for Monitoring Employee Web Use

The Importance of SSL Inspection for Monitoring Employee Web Use

In the digital era, as businesses rapidly shift towards cloud-based solutions and web applications, maintaining the security and integrity of data has become paramount. One such technique that stands out in ensuring a secure web environment is Secure Socket Layer (SSL) encryption. While SSL helps in securing the data in transit between the client and the server, it poses challenges for organizations when it comes to monitoring and reporting on employee web use. Here’s where SSL inspection comes into play.

Understanding the Blind Spot: HTTPS without SSL Inspection

When an organization does not employ SSL inspection, the encrypted nature of HTTPS connections makes it difficult to have a clear view of the online activities of its employees. In such cases, only the domain name is visible, leaving a blind spot in understanding the exact nature of the content accessed. For example, an employee could access a permitted domain but navigate to inappropriate or risky pages within that domain, all while going unnoticed.

Peering into the Encrypted Tunnel: The Power of SSL Inspection

With SSL inspection enabled, organizations can decrypt and view the content of HTTPS connections. This offers numerous advantages:

  1. Content Type Visibility: By looking at the content type defined in the HTTPS header, organizations can determine the nature of content being transferred, be it images, JavaScript, CSS, or HTML. This helps in identifying if any unauthorized or harmful content types are being accessed.
  2. Identifying the Client with User Agent: The user agent in the HTTPS header provides information about the client making the connection. This includes details like the browser being used, the application, and the operating system. Knowing the user agent can be crucial in scenarios where certain browsers or applications have known vulnerabilities.
  3. Full URL Path Insight: Having visibility into the full URL path, as opposed to just the domain name, provides granular insight into the resources being accessed. This is particularly useful to pinpoint specific pages or resources that might be of concern.

In Conclusion

SSL inspection goes beyond just security; it’s about gaining clear visibility and understanding of employee web activity. This clarity ensures that the reports generated provide a true reflection of online behaviors, making them more accurate and informative. Without SSL inspection, organizations are merely scratching the surface, with a significant chunk of the web activity remaining concealed within the encrypted tunnel. In today’s cybersecurity landscape, where every bit of detail matters, SSL inspection emerges as a critical tool for ensuring both security and compliance.

New Wavecrest root certificate for CyBlock customers

The root certificate has been updated from an SHA-1 to SHA-512 certificate. SHA-1 is no longer considered an adequate encryption level, and browsers are gradually not accepting it in the existing Wavecrest certificate. However, the existing Wavecrest certificate can coexist with the new certificate and does not need to be uninstalled. Existing customers must install the new certificate before upgrading.

To allow the CyBlock blocking message to render properly for blocked secure sites or to permit users to access allowed secure sites with SSL Inspection enabled, the new certificate needs to be installed on the CyBlock server and all client machines. More information and installation instructions can be found in the Wavecrest Certificate SHA-512 Installation Guide.

If you need assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

How to resolve certificate-issued errors in browser

When attempting to go to a blocked secure site (HTTPS), users may experience any one of the following errors depending on the browser:

  • In Internet Explorer: There is a problem with this website’s security certificate.

CertError

  • In Chrome: Your connection is not private

CertError_Chrome

  • In Firefox: Your connection is not secure

CertError_Firefox

These are certificate-issued errors that occur if the Wavecrest certificate is not installed in the following scenarios:

  1. SSL Inspection is not enabled, and the user is attempting to go to a blocked secure site.
  2. SSL Inspection is enabled, and the user is is attempting to go to a blocked or allowed secure site.

The user does not receive the CyBlock blocking message for blocked secure sites. This is because even though a standard HTTP blocking page can still be presented to a workstation for blocked secure sites, since it is not part of the secure, encrypted HTTPS connection, the browser automatically ignores it.

To allow the blocking message to render properly for blocked secure sites or to permit users to access allowed secure sites with SSL Inspection enabled, the Wavecrest certificate needs to be installed on the CyBlock server and all client machines. More information and installation instructions can be found in the Wavecrest Certificate Installation Guide.

If you have any questions, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.

Setting up the Wavecrest certificate for cloud users

If you are a CyBlock Cloud customer, you probably want to allow your cloud users to access secure sites (https://) and need to inspect this HTTPS traffic to ensure that your network is protected from Web threats and to enforce your AUP. The SSL Inspection feature in CyBlock Cloud allows you to inspect this HTTPS activity, but requires that you install the Wavecrest root certificate on your cloud users’ browsers. If the Wavecrest root certificate is not installed in the browser, a certificate warning message will be issued that must be accepted in order to display your blocking message.

Another reason to install the Wavecrest root certificate is if using cookie authentication to confirm the identity of users accessing the Internet through your network. The cookie authentication logon page that is presented to your users is a secure page and is automatically inspected. Therefore, to avoid your users receiving a certificate error, install the certificate on your users’ browsers.

The certificate may be installed in the following ways:

  • Through the browser
  • Using Active Directory GPO
  • Using Microsoft Management Console

The Wavecrest Certificate Installation Guide provides instructions on installing the certificate using Internet Explorer/Google Chrome and Firefox, importing it using Active Directory, and installing it in Windows 7 Professional/Enterprise.

If you need assistance, please contact Technical Support at (321) 953-5351, Ext. 4 or support@wavecrest.net.