We live in times of high risk to individuals and organizations. Data is frequently stolen. As a result, the popularity of SSL encryption has increased rapidly for logical reasons, and it continues to increase. According to Mozilla, half of Internet traffic is currently encrypted. SSL encryption is a powerful weapon in the data security battle, but its biggest advantage is also its biggest weakness. Encryption hides at-risk data. However, it can also hide other things that are not so harmless. Cybercriminals can use SSL encryption to conceal malware and other unwanted software in encrypted data so that it enters the corporate network without being detected.
SSL and Other Encryption Methods
The two methods of encrypting network traffic on the Web are SSL and S-HTTP. With Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), client and server computers can manage encryption and decryption activities during secure Web sessions. Secure Hypertext Transfer Protocol (S-HTTP) is another way of encrypting data flowing over the Internet, but it is limited to individual messages. SSL and TLS establish a secure connection between two computers. Data encrypted with SSL cannot be inspected, so it must be decrypted before it can be checked.
How it Works
Normally, connections pass through an access control policy that determines whether they are allowed or blocked. However, if you enable the SSL decryption policy, encrypted connections are first sent to the SSL decryption policy to determine whether they should be decrypted. Unencrypted connections go through the access control policy for the final allow/block decision.
To apply active authentication rules in an identity policy, you must enable the SSL decryption policy. If you enable SSL decryption only so that you can enable the identity policy and do not want to perform SSL decryption, choose "Do not decrypt" as the default action and do not create additional SSL decryption rules. The identity policy automatically generates the rules it needs.
Traffic on VPN connections (site-to-site and remote access) is decrypted before the SSL decryption policy evaluates connections. Therefore, SSL decryption rules do not apply to VPN connections, and you do not need to consider VPN connections when creating these rules. However, an HTTPS connection to an internal server made through an RA VPN is evaluated by the SSL decryption rules, even though the RA VPN tunnel itself is not subject to them.
If you upgraded from a version without an SSL decryption policy, but you had configured an identity policy with active authentication rules, the SSL decryption policy is already in effect. Be sure to select the decrypt re-sign certificate you want to use, and optionally enable the predefined rule. If you set up the policy once and then disabled it, you can re-enable it with the previous settings and rules. By clicking the SSL decryption settings button, you can adjust the decrypt re-sign certificate settings.
When SSL decryption is enabled for end users, SSL-encrypted traffic is decrypted, checked and re-encrypted before being sent on. This allows the cloud proxy server to be issued by a user's login page.
At the basic level, SSL encryption occurs when confidential data is transformed into unreadable "ciphertext". SSL decryption occurs when the ciphertext is turned back into its original form. This requires a key that specifies how to decrypt the encrypted message.
By implementing SSL decryption, you can decrypt connections, make sure that they do not contain threats or other unwanted traffic, and then re-encrypt them before allowing them to proceed. The decrypted traffic goes through the access control policy and is matched against rules based on the inspected characteristics of the decrypted connection, not the characteristics of the encrypted connection. This allows you to control access to information.
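
The two-stage evaluation described above, shown as an added example that is not part of the original article and is not any vendor's code: a simplified Python model in which the SSL decryption policy decides first, and the access control policy then matches only on what it can actually inspect. The hostnames, rule list and the `.exe` access rule are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Connection:
    server_name: str   # visible to the device even when the session is encrypted
    url_path: str      # readable only in cleartext or after decryption
    encrypted: bool

# Constructed SSL decryption rules, first match wins: (server name suffix, action).
SSL_RULES = [
    (".bank.example", "do_not_decrypt"),
    (".example", "decrypt_resign"),
]
DEFAULT_SSL_ACTION = "do_not_decrypt"   # the default action named in the text

def ssl_decryption_policy(conn: Connection) -> str:
    """Stage 1: only encrypted connections are evaluated here."""
    if not conn.encrypted:
        return "not_applicable"
    for suffix, action in SSL_RULES:
        if conn.server_name.endswith(suffix):
            return action
    return DEFAULT_SSL_ACTION

def access_control_policy(conn: Connection, payload_visible: bool) -> str:
    """Stage 2: final allow/block, using only characteristics that can be inspected."""
    # Constructed rule: block executable downloads when the URL path is readable.
    if payload_visible and conn.url_path.lower().endswith(".exe"):
        return "block"
    return "allow"

def evaluate(conn: Connection) -> tuple[str, str]:
    """Return (SSL decryption action, access control verdict) for one connection."""
    ssl_action = ssl_decryption_policy(conn)
    payload_visible = (not conn.encrypted) or ssl_action == "decrypt_resign"
    return ssl_action, access_control_policy(conn, payload_visible)

if __name__ == "__main__":
    samples = [  # constructed sample connections
        Connection("downloads.example", "/tool.exe", encrypted=True),
        Connection("files.bank.example", "/tool.exe", encrypted=True),
        Connection("intranet.test", "/tool.exe", encrypted=False),
        Connection("unknown.test", "/tool.exe", encrypted=True),
    ]
    for c in samples:
        print(c.server_name, evaluate(c))
```

The same download is blocked only where the connection was decrypted or was never encrypted; under "Do not decrypt" the access rule has nothing to match on.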