HTTPS usage has skyrocketed over the last few years, largely due to the “Snowden effect.” Today, the US government mandated that federal web sites must use HTTPS. Ultimately, this is a good thing. However, malicious actors can hide in HTTPS too. Watch today’s video to learn what you should do to secure HTTPS.
(Episode Runtime: 2:48)
Direct YouTube Link: https://www.youtube.com/watch?v=sceDGVyyQXw
- US Government makes HTTPS a federal standards – Silicon Republic
- The HTTPS-Only standard – CIO.gov
— Corey Nachreiner, CISSP (@SecAdept)
What configuration changes are needed before a WG firewall can inspect HTTPS?
Corey Nachreiner says
You need to configure the HTTPS Proxy or ALG (application layer gateway). The most important part of the configuration, however, is actually going to the XTM or Firebox’s certificate store and getting our CA Certificate for the HTTPS proxy. In order to keep the trust chain for HTTPS working (so that all your users don’t get a message that HTTPS is broken), you need to distribute this certificate to all your internal users, so they can add it to their browser certificate store. You can use Microsoft group policy to do that easily. If you check out our help, there are instructions for setting it up.
Our XTM 515 HTTPS Proxy for IPS provide no Forward Secrecy. Is there a update planed?