{"id":439,"date":"2019-08-14T11:21:26","date_gmt":"2019-08-14T11:21:26","guid":{"rendered":"https:\/\/www.rapidsslonline.com\/ssl\/?p=439"},"modified":"2019-11-27T11:20:55","modified_gmt":"2019-11-27T11:20:55","slug":"ssl-inspection","status":"publish","type":"post","link":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/","title":{"rendered":"SSL Inspection: Blessing or Curse?"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" width=\"1024\" height=\"614\" data-src=\"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-1024x614.jpg\" alt=\"SSL Inspection\" class=\"wp-image-440 lazyload\" data-srcset=\"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-1024x614.jpg 1024w, https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-300x180.jpg 300w, https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-768x461.jpg 768w, https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920.jpg 1920w\" data-sizes=\"(max-width: 1024px) 100vw, 1024px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/614;\" \/><figcaption>SSL Inspection<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Everything&nbsp;You&nbsp;Need to&nbsp;Know&nbsp;About SSL Inspection&nbsp; <\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Introduction: Need for SSL&nbsp;Inspection (a.k.a.&nbsp;HTTPS Interception)&nbsp; <\/h3>\n\n\n\n<p>With HTTP, all the data transferred between a website (server) and the user (browser) is in plain text, so if&nbsp;anyone manages to get access to the data in transit, they can read, interpret, and tamper&nbsp;with it. SSL certificates encrypt all the data in transit using a strong algorithm to&nbsp;keep the data&nbsp;secure.&nbsp;<\/p>\n\n\n\n<p>The problem with SSL encryption is that it encrypts all data,&nbsp;so that&nbsp;even malicious data&nbsp;is&nbsp;encrypted and&nbsp;can&nbsp;reach its&nbsp;intended victim without getting noticed.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>An&nbsp;SSL certificate can\u2019t discriminate between harmful and harmless data. That\u2019s why its encryption facility is exploited by attackers to hide viruses, spyware, and other malware.&nbsp;<\/li><li>With&nbsp;domain validated (DV) SSL, certificate authorities verify only domain ownership. So, it is very easy for attackers to enable SSL encryption on their own website and spread malware.&nbsp;<\/li><li>Incidents of data leakage can also go unnoticed if the attackers are using&nbsp;an&nbsp;HTTPS channel while smuggling the data&nbsp;out. (For example, sneaking out digital documents&nbsp;with&nbsp;trade secrets from the organization\u2019s network.)&nbsp;<\/li><\/ul>\n\n\n\n<p>To&nbsp;stop&nbsp;such exploitation, SSL inspection came into the wrestling ring.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How Does SSL Inspection Work?&nbsp; <\/h2>\n\n\n\n<p>In traditional SSL mechanism, the data&nbsp;is&nbsp;encrypted and reaches&nbsp;to the intended receiver without being interrupted in the middle. In SSL inspection, there is an interception device sitting in the middle that scans and filters&nbsp;the data before it reaches the other party.&nbsp;&nbsp;<\/p>\n\n\n\n<p>This interception device (also known as the middlebox) decrypts the incoming data, removes&nbsp;the suspicious data (if any), then once again encrypts the data and sends it to the intended user. It is like a man-in-the-middle attack but done with consent and noble intentions.&nbsp;&nbsp;<\/p>\n\n\n\n<p>SSL inspection works for both inbound and outbound traffic.&nbsp;This means that&nbsp;it intercepts the traffic going both ways, sever to browser and browser to the server.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter is-resized\"><img decoding=\"async\" data-src=\"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/image.png\" alt=\"ssl inspection firewall\" class=\"wp-image-441 lazyload\" width=\"579\" height=\"184\" data-srcset=\"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/image.png 694w, https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/image-300x96.png 300w\" data-sizes=\"(max-width: 579px) 100vw, 579px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 579px; --smush-placeholder-aspect-ratio: 579\/184;\" \/><\/figure><\/div>\n\n\n\n<p>There are 2 popular products used for SSL inspection.&nbsp;&nbsp;<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Commercial hardware devices which perform traffic inspection on corporate networks. It enables administrators to monitor the data transferred to,&nbsp;from, and within the organizations.&nbsp;<\/li><li>Anti-virus software and firewalls, which&nbsp;are&nbsp;usually run on users\u2019 computers.&nbsp;<\/li><\/ol>\n\n\n\n<div style=\"height:33px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Disadvantages of HTTPS Interception&nbsp; <\/h2>\n\n\n\n<p>With SSL inspection, 2 separate SSL connections are made. One is between the server and the interception device, and another is between the browser and interception device. As you can imagine, the entire success of SSL inspection concept is depended upon the competence of the interception device.&nbsp;&nbsp;<\/p>\n\n\n\n<p>To check the efficiency of the middlebox, a study was conducted by a team of cryptography industry&nbsp;experts,&nbsp;including Zakir&nbsp;Durumeric, Zane Ma, Drew Springall, Elie&nbsp;Bursztein, Nick Sullivan, Richard Barnes, Michael Bailey, J. Alex Halderman and Vern Paxson. According to&nbsp;their&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/jhalderm.com\/pub\/papers\/interception-ndss17.pdf\" target=\"_blank\">research report<\/a>, 62% of middlebox connections were less secure, and an astounding 58% had severe vulnerabilities enabling later interception. They also investigated popular anti-virus and corporate proxies and found that nearly all of them (except Blue Coat by Symantec) reduced connection security and introduced vulnerabilities. They are using outdated cryptography to decrypt and re-encrypt the traffic, which significantly weakens the HTTPS and reduce the overall safety of the user&#8217;s data.&nbsp;&nbsp;(This study is a few years old, so some improvements in the technology have been implemented since then.)&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Final thoughts,&nbsp; <\/h3>\n\n\n\n<p>\n\nSSL inspection is an excellent concept-theory wise. We don\u2019t want to let malware or data leaks be encrypted and make its way right under our noses without getting&nbsp;noticed. As we mentioned before, the SSL inspection concept relies heavily on the efficiency of the middlebox.&nbsp;So&nbsp;if you enable SSL inspection, it\u2019s critical that you select and configure a device that will maximize the security and efficiency of inspection.&nbsp;\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Everything&nbsp;You&nbsp;Need to&nbsp;Know&nbsp;About SSL Inspection&nbsp; Introduction: Need for SSL&nbsp;Inspection (a.k.a.&nbsp;HTTPS Interception)&nbsp; With HTTP, all the data transferred between a website (server) and the user (browser) is in plain text, so if&nbsp;anyone<\/p>\n<div class=\"article-wpr-button\"><a href=\"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/\" class=\"btn btn-green\">Read More<\/a><\/p>\n<div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":{"0":"post-439","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-ssl-advanced"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SSL Inspection- How Does It Work? Review by Technology Experts<\/title>\n<meta name=\"description\" content=\"Everything You Need to Know About SSL Inspection. How Does SSL Inspection Work? What is the Need of it? Disadvantages of HTTPS Interception.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSL Inspection- How Does It Work? Review by Technology Experts\" \/>\n<meta property=\"og:description\" content=\"Everything You Need to Know About SSL Inspection. How Does SSL Inspection Work? What is the Need of it? Disadvantages of HTTPS Interception.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/\" \/>\n<meta property=\"og:site_name\" content=\"SSL\/TLS Certificates\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/rsosslcertificates\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-14T11:21:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-11-27T11:20:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-1024x614.jpg\" \/>\n<meta name=\"author\" content=\"rsossladmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@RSOSSL\" \/>\n<meta name=\"twitter:site\" content=\"@RSOSSL\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"rsossladmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SSL Inspection- How Does It Work? Review by Technology Experts","description":"Everything You Need to Know About SSL Inspection. How Does SSL Inspection Work? What is the Need of it? Disadvantages of HTTPS Interception.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/","og_locale":"en_US","og_type":"article","og_title":"SSL Inspection- How Does It Work? Review by Technology Experts","og_description":"Everything You Need to Know About SSL Inspection. How Does SSL Inspection Work? What is the Need of it? Disadvantages of HTTPS Interception.","og_url":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/","og_site_name":"SSL\/TLS Certificates","article_publisher":"https:\/\/www.facebook.com\/rsosslcertificates\/","article_published_time":"2019-08-14T11:21:26+00:00","article_modified_time":"2019-11-27T11:20:55+00:00","og_image":[{"url":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-1024x614.jpg","type":"","width":"","height":""}],"author":"rsossladmin","twitter_card":"summary_large_image","twitter_creator":"@RSOSSL","twitter_site":"@RSOSSL","twitter_misc":{"Written by":"rsossladmin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/#article","isPartOf":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/"},"author":{"name":"rsossladmin","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/person\/3e29357f5e5d2c9349d69af7ee7e0361"},"headline":"SSL Inspection: Blessing or Curse?","datePublished":"2019-08-14T11:21:26+00:00","dateModified":"2019-11-27T11:20:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/"},"wordCount":700,"commentCount":0,"publisher":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#organization"},"image":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-1024x614.jpg","articleSection":["SSL Advanced"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/","url":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/","name":"SSL Inspection- How Does It Work? Review by Technology Experts","isPartOf":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/#primaryimage"},"image":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920-1024x614.jpg","datePublished":"2019-08-14T11:21:26+00:00","dateModified":"2019-11-27T11:20:55+00:00","description":"Everything You Need to Know About SSL Inspection. How Does SSL Inspection Work? What is the Need of it? Disadvantages of HTTPS Interception.","breadcrumb":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/#primaryimage","url":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920.jpg","contentUrl":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/08\/network-3472956_1920.jpg","width":1920,"height":1152},{"@type":"BreadcrumbList","@id":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-inspection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"SSL Resources","item":"https:\/\/www.rapidsslonline.com\/ssl\/"},{"@type":"ListItem","position":2,"name":"SSL Advanced","item":"https:\/\/www.rapidsslonline.com\/ssl\/ssl-advanced\/"},{"@type":"ListItem","position":3,"name":"SSL Inspection: Blessing or Curse?"}]},{"@type":"WebSite","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#website","url":"https:\/\/www.rapidsslonline.com\/ssl\/","name":"SSL\/TLS Certificates","description":"Secure a website in few minutes with Trusted SSL Certificate","publisher":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rapidsslonline.com\/ssl\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#organization","name":"RapidSSLOnline","url":"https:\/\/www.rapidsslonline.com\/ssl\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/logo\/image\/","url":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/10\/rapidsslonline-logo.png","contentUrl":"https:\/\/www.rapidsslonline.com\/ssl\/wp-content\/uploads\/2019\/10\/rapidsslonline-logo.png","width":266,"height":39,"caption":"RapidSSLOnline"},"image":{"@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/rsosslcertificates\/","https:\/\/x.com\/RSOSSL","https:\/\/in.linkedin.com\/company\/rapidsslonline-com"]},{"@type":"Person","@id":"https:\/\/www.rapidsslonline.com\/ssl\/#\/schema\/person\/3e29357f5e5d2c9349d69af7ee7e0361","name":"rsossladmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/cf2ab5c0a7dc43f8ef0e96e302af463c71e9fccb9c0392857a20c0cc593a1b65?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/cf2ab5c0a7dc43f8ef0e96e302af463c71e9fccb9c0392857a20c0cc593a1b65?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cf2ab5c0a7dc43f8ef0e96e302af463c71e9fccb9c0392857a20c0cc593a1b65?s=96&d=mm&r=g","caption":"rsossladmin"}}]}},"_links":{"self":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/posts\/439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":0,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rapidsslonline.com\/ssl\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}