Cisco WSA Acceptable Use and HTTPS inspection
In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:
Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware
This is the 5th part of the series.
How can you enforce acceptable use?
Acceptable use is mostly defined by Application Visibility Control (AVC). Websites are classified by a URL lookup in the Cisco database, based on the URL itself, or by a dynamic scan of the website.
To configure this, click Security Services > Acceptable Use Controls.
AVC is enabled by default.
HTTPS Inspection (HTTPS Proxy)
Decrypting HTTPS sessions so they can be checked against your policies is becoming more important, because a lot of nasty stuff can arrive inside an HTTPS session. But there is one major drawback: the WSA shows the user an SSL certificate of the WSA appliance. In almost all circumstances this certificate won’t meet all the requirements, so users receive SSL certificate errors. Make sure your users are familiar with your HTTPS inspection!
How does it work? It’s pretty simple: the WSA creates the HTTPS session to the web server and creates a new HTTPS session to the user. The responses from the web server are checked and scanned, then delivered to the user over the new HTTPS session.
Note: this feature is licensed!
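Why the certificate errors described above occur, and why they stop once clients trust the signing CA, shown with the openssl CLI as an added example (not from the original post or from Cisco). The CA names and www.example.com are constructed placeholders, and the "proxy" here is only an openssl-issued certificate, not a WSA.

```shell
#!/bin/sh
# Constructed demo of the trust problem behind HTTPS inspection.
# All names below are placeholders; nothing here talks to a real proxy.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA. $1 = file prefix, $2 = common name.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -subj "/CN=$2" 2>/dev/null
}

# Issue a certificate for a site name, signed by the given CA. This mirrors
# what the client sees on the second (proxy-to-user) HTTPS session.
# $1 = CA prefix, $2 = hostname. Chain trust only; no SAN is added.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/leaf.key" \
    -out "$WORK/leaf.csr" -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$WORK/leaf.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 1 \
    -out "$WORK/leaf.pem" 2>/dev/null
}

# Exit status 0 if a client whose trust store holds CA $1 accepts the leaf.
client_trusts() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/leaf.pem" >/dev/null 2>&1
}

# Show who signed the certificate the client received.
leaf_issuer() {
  openssl x509 -in "$WORK/leaf.pem" -noout -issuer
}

make_ca proxy  "Example Inspection CA"   # stands in for the appliance's signing cert
make_ca public "Example Public CA"       # stands in for the client's existing trust store
issue_leaf proxy www.example.com

leaf_issuer
if client_trusts public; then echo "stock client: accepted"
else echo "stock client: certificate error"; fi
if client_trusts proxy; then echo "client with inspection CA installed: accepted"
else echo "client with inspection CA installed: certificate error"; fi
```

The issuer line is also a quick way to confirm from a client whether a given session is being decrypted: an inspected session shows the inspection CA as issuer instead of the site's usual CA.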
To enable HTTPS proxy, click Security Services > HTTPS Proxy.
As you can see, all these options and behaviours are specific to every implementation, so I’m not going to cover them in detail. All the available options are very straightforward. Don’t forget to create your required Access Policy!
To fine-tune the HTTPS web reputation, click Web Security Manager > Decryption Policies > Web Reputation and configure the required reputation. This should be configured and tested by trial and error. The position of the slider defines which websites (with a specific reputation) are decrypted and checked.
Create your HTTPS inspection profiles by clicking Web Security Manager > Decryption Profiles. This screen should be familiar: it’s the same as the HTTP inspection policies.