User's Manual
Table Of Contents
- ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
- Contents
- About This Manual
- Chapter 1 Introduction
- Chapter 2 Using the Setup Wizard to Provision the STM in Your Network
- Choosing a Deployment Scenario
- Understanding the Steps for Initial Connection
- Logging In to the STM
- Using the Setup Wizard to Perform the Initial Configuration
- Setup Wizard Step 1 of 10: Introduction
- Setup Wizard Step 2 of 11: Networking Settings
- Setup Wizard Step 3 of 11: Time Zone
- Setup Wizard Step 4 of 11: Email Security
- Setup Wizard Step 5 of 11: Web Security
- Setup Wizard Step 6 of 11: Email Notification Server Settings
- Setup Wizard Step 7 of 11: Update Settings
- Setup Wizard Step 8 of 11: HTTP Proxy Settings
- Setup Wizard Step 9 of 11: Web Categories
- Setup Wizard Step 10 of 11: Configuration Summary
- Setup Wizard Step 11 of 11: Restarting the System
- Verifying Proper Installation
- Registering the STM with NETGEAR
- What to Do Next
- Chapter 3 Performing Network and System Management
- Configuring Network Settings
- Configuring Session Limits and Timeouts
- Configuring the HTTP Proxy Settings
- About Users with Administrative and Guest Privileges
- Configuring Remote Management Access
- Using an SNMP Manager
- Managing the Configuration File
- Updating the Software
- Configuring Date and Time Service
- Managing Digital Certificates
- Managing the Quarantine Settings
- Performance Management
- Chapter 4 Content Filtering and Optimizing Scans
- About Content Filtering and Scans
- Configuring E-mail Protection
- Configuring Web and Services Protection
- Configuring Application Control
- Setting Scanning Exclusions and Web Access Exceptions
- Chapter 5 Managing Users, Groups, and Authentication
- About Users, Groups, and Domains
- Configuring Groups
- Configuring User Accounts
- Configuring Authentication
- Global User Settings
- Viewing and Logging Out Active Users
- Chapter 6 Monitoring System Access and Performance
- Chapter 7 Troubleshooting and Using Online Support
- Appendix A Default Settings and Technical Specifications
- Appendix B Related Documents
- Index
ProSecure Web/Email Security Threat Management (STM) Appliance Reference Manual
4-36 Content Filtering and Optimizing Scans
v1.0, September 2009
HTTPS Scan Settings
HTTPS traffic is encrypted traffic that cannot be scanned otherwise the data stream would not be
secure. However, the STM can scan HTTPS traffic that is transmitted through an HTTP proxy, that
is, HTTPS traffic is scanned as a proxy between the HTTPS client and the HTTPS server.
Figure 4-15 shows the HTTPS scanning traffic flow.
The HTTPS scanning process functions with the following principles:
• The STM breaks up an SSL connection between an HTTPS server and an HTTP client in two
parts:
– A connection between the HTTPS client and the STM.
– A connection between the STM and the HTTPS server.
• The STM simulates the HTTPS server communication to the HTTPS client, including the SSL
negotiation, certificate exchange, and certificate authentication. In effect, the STM functions
as the HTTPS server for the HTTPS client.
• The STM simulates the HTTPS client communication to the HTTPS server, including the SSL
negotiation, certificate exchange, and certificate authentication. In effect, the STM functions
as the HTTPS client for the HTTPS server.
During SSL authentication, the HTTPS client authenticates three items:
• Is the certificate trusted?
• Has the certificate expired?
• Does the name on the certificate match that of the Web site?
Figure 4-15