Cisco WSA Acceptable Use and HTTPS inspection
In this and other posts we’ll discuss the Cisco Web Security Appliance. This is the blog agenda:
Part 1: Introduction
Part 2: Installing
Part 3: Deploying Proxy Services
Part 4: Policies
Part 5: Acceptable use & HTTPS Inspection
Part 6: Authentication
Part 7: Defending malware
This is the 5th part of the series
How can you enforce the Acceptable use?
Acceptable use is mostly defined by Application Visibility Control (AVC). Websites are classified by a URL lookup in the cisco database, based on the URL itself, or a dynamic scan of the website.
To configure this, click Security Services > Acceptable Use Controls
AVC is enabled by default.
HTTPS Inspection (HTTPS Proxy)
It’s getting more important to decrypt HTTPS sessions to check against your policies. You can receive a lot of nasty stuff inside your HTTPS session. But there is one major drawback: the WSA shows the user a SSL certificate of the WSA appliance. In almost all circumstances this certificate wouldn’t match all requirements, so the users receive SSL certificate errors. Make sure your users are familiar with your HTTPS inspection!
How does it works? It’s pretty simple: the WSA creates the HTTPS session to the webserver and creates a new HTTPS session to the user. The responses from the webserver are checked and scanned and deliverd over the new HTTPS session to the user.