9
Perhaps surprisingly, remote application performance actually improves as a result of the acceleration techniques of
compression, caching, and HTTP optimizations integrated with the SSL interception techniques, if activated (by default caching
is not enabled for SSL traffic inspection). Correctly sized, Blue Coat ProxySG handles any size network, and accelerates overall
session performance.
Preventing Encrypted Malware Example
As part of forward proxy, the ProxySG with ProxyAV can prevent malware in encrypted sessions. Before the existence of an SSL
forward proxy, HTTPS sessions could transfer malicious content directly to a user’s desktop with no visibility available to the
network or systems administrator.
Internetintranet
Users
Web Applications
ProxyAV
Policy
ProxySG
Web Applications
Web Applications
Figure 8 – Forward ProxySG Inside the Corporate Firewall as a Secure Intermediary between the Remote Application Server and the Local Web Client.
Figure 8 shows ProxySG + ProxyAV in forward proxy mode. The ProxySG can terminate the session containing encrypted data
coming into the enterprise. At that point, data can be converted to “cleartext” and automatically inspected by the ProxySG to
determine compliance with corporate policy. Decisions on how to handle the data can be based on ProxySG’s advanced session
control policies that enable IT to set granular policies on which SSL sessions are intercepted, allowing organizations to adhere
to corporate or governmental rules on data privacy. ProxyAV can use a variety of proactive detection engines, including Sophos,
Panda, McAfee, and Kaspersky, to stop malware, spyware, and viruses. Any potentially malicious traffic is automatically
thwarted at that point, preventing any security breaches in the enterprise. Valid traffic is safely passed on to the Web browser
to complete the session.
ProxySG + ProxyAV in forward proxy mode enable organizations to protect the enterprise and its users by allowing IT to:
Gain visibility and control over SSL-encrypted traffic.>-
Control or stop rogue applications (e.g., IM, P2P) that use SSL (and universally open Port 443) to subvert enterprise controls and >-
security measures.
Analyze SSL-encrypted traffic for malware, viruses, worms, and Trojans, and stop them at the gateway.>-
Halt secured phishing and pharming attacks that use SSL to hide from IT controls or to increase the appearance of authenticity.>-
Scan all web traffic (in the clear and encrypted) for threats, using best of- breed proactive detection and scanning engines.>-
Control downloads, installers, and attachments with allow or deny blended policies based on reputation, source, destination, users, >-
group, time of day, or service.
Technology Primer: Secure Sockets Layer (SSL)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentários a estes Manuais