
How Secure is the ProxySG Itself?
The Blue Coat ProxySG runs its own patented operating system, SGOS (Secure Gateway Operating System). SGOS is a
proprietary, object-oriented operating system, and its object store (the cache) does not use a file system of the kind
found on Linux, UNIX, or Windows. Cached objects are written as blocks, often non-contiguously, wherever free space is
available. The object cache is not an authoritative data store: there is no file editor, directory listing, or viewer for it.
No disk analysis tools exist outside SGOS itself to reassemble a complete object from its constituent blocks, and writing
one would require detailed knowledge of SGOS internal architecture and data structures. Further, when a disk from one
ProxySG is inserted into another ProxySG, all reference information for the data fragments is immediately overwritten, so
the objects they belonged to are effectively lost. For these reasons the data security and privacy risk from the cache is
small. Note that what protects cached content is the undocumented on-disk layout and the loss of the block references,
not encryption; only the configuration secrets described below are stated to be stored encrypted.
Sensitive portions of the ProxySG configuration (private keys, passwords, and so on) are stored with strong encryption, so
that theft of a drive does not compromise network security. The same portions are deliberately excluded from all
debugging and troubleshooting output for the same reason.
The SGOS byte cache stores byte patterns that recur in data streams, both within a single file and across files. Data is
retained, but never as a complete file, and the original order of the sequences is not kept in the store.
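The following is an added illustration of what a content-defined byte cache retains, and of why a store without its reference information cannot be turned back into files (the point made about transplanted disks above). It is not SGOS code: SGOS internals are proprietary and not described on this page. The window size, cut mask, chunk bounds, the 64-bit truncated SHA-256 reference, and the seeded sample data are all assumptions of this toy.

```python
from __future__ import annotations

import hashlib
import random

# Toy parameters (assumptions for this illustration, not SGOS values).
WINDOW = 16          # bytes covered by the rolling hash
MASK = 0x3F          # cut where the low 6 bits of the hash are zero: ~64-byte chunks on random data
MIN_CHUNK = 32       # never cut before this many bytes
MAX_CHUNK = 256      # always cut by this many bytes
_POW = pow(31, WINDOW, 1 << 32)   # 31**WINDOW mod 2**32, used to retire the oldest byte


def split_chunks(data: bytes) -> list[bytes]:
    """Cut data into chunks at boundaries chosen by the content itself.

    A Rabin-Karp style rolling hash over the trailing WINDOW bytes decides where
    to cut, so the same byte pattern produces the same cuts whether it sits at
    the start of one stream or in the middle of another.
    """
    chunks: list[bytes] = []
    start = 0
    h = 0
    for i, b in enumerate(data):
        h = (h * 31 + b) & 0xFFFFFFFF
        if i >= WINDOW:                                  # retire the byte that left the window
            h = (h - data[i - WINDOW] * _POW) & 0xFFFFFFFF
        length = i + 1 - start
        if length >= MAX_CHUNK or (length >= MIN_CHUNK and (h & MASK) == 0):
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks


class ByteCache:
    """Chunk store keyed by a truncated content hash.

    The store maps digest -> chunk bytes and nothing more: it records neither
    which stream a chunk came from nor what preceded or followed it. That
    ordering exists only in the per-stream reference list returned by encode().
    """

    def __init__(self) -> None:
        self.store: dict[bytes, bytes] = {}

    @staticmethod
    def digest(chunk: bytes) -> bytes:
        return hashlib.sha256(chunk).digest()[:8]       # 64-bit reference (assumed size)

    def encode(self, data: bytes) -> list[bytes]:
        """Store any unseen chunks and return the stream's ordered reference list."""
        refs = []
        for chunk in split_chunks(data):
            d = self.digest(chunk)
            self.store.setdefault(d, chunk)
            refs.append(d)
        return refs

    def decode(self, refs: list[bytes]) -> bytes:
        """Rebuild a stream from references; KeyError if this store never saw a chunk."""
        return b"".join(self.store[r] for r in refs)

    def bytes_retained(self) -> int:
        return sum(len(c) for c in self.store.values())


def _random_bytes(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))


def demo() -> dict:
    """Push two related streams through one cache and report what it retains."""
    rng = random.Random(2024)                            # constructed sample data, seeded for repeatability
    doc_v1 = _random_bytes(rng, 1200)
    doc_v2 = doc_v1 + _random_bytes(rng, 300)            # the same document with 300 bytes appended

    cache = ByteCache()
    refs_v1 = cache.encode(doc_v1)
    retained_after_v1 = cache.bytes_retained()
    refs_v2 = cache.encode(doc_v2)
    in_v2 = set(refs_v2)

    cold = ByteCache()                                   # a peer (or transplanted disk) holding no references
    try:
        cold.decode(refs_v1)
        cold_can_decode = True
    except KeyError:
        cold_can_decode = False

    return {
        "chunks_v1": len(refs_v1),
        "chunks_v1_reused_by_v2": sum(1 for r in refs_v1 if r in in_v2),
        "new_bytes_stored_for_v2": cache.bytes_retained() - retained_after_v1,
        "roundtrip_ok": cache.decode(refs_v1) == doc_v1 and cache.decode(refs_v2) == doc_v2,
        "cold_peer_can_decode": cold_can_decode,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows that the second version of the document reuses every chunk of the first except at most the final partial one, that only the appended tail costs new storage, and that a store which never received the reference list cannot rebuild the stream even though it may hold the very same chunks: the store is fragments keyed by hash, with no file boundaries and no order.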
SGOS is both NIAP and ICSA certified. NIAP (the US National Information Assurance Partnership) oversees Common Criteria
security evaluation of commercial products in the United States; such evaluation is required for products purchased for
US national security systems and includes an independent vulnerability assessment of the product. ICSA certification is
conducted by ICSA Labs, whose stated goal is to enhance and improve security implementations in network and Internet
computing, and thereby commercial security and its use of appropriate security products, services, policies, techniques,
and procedures. Certification builds overall confidence in computing and drives stronger security measures while reducing
how intrusive those measures are in everyday use; it also promotes user acceptance of increased security alongside
improved ease of use and the invisible, automatic, and seamless integration of security technology into everyday computing.
Conclusion
SSL has become the universal standard for authenticating web sites to web browsers and for encrypting communications
between browsers and web servers. However, SSL also creates a blind spot for network security controls, since encrypted
traffic cannot be inspected; it is CPU-intensive and degrades web server performance, so organizations have typically
deployed it in a limited fashion. Delivering applications over long, skinny WAN links is no easy feat, and the presence of
opaque SSL tunnels has made it impossible to secure and accelerate a growing part of that traffic.
By integrating SSL processing into its appliances, Blue Coat Systems has removed the bottlenecks that stood in the way of
widespread SSL deployment. Companies can now apply SSL to more content without compromising network security or
degrading the performance of their web sites. The ProxySG appliance intercepts and validates SSL traffic while also
performing the SSL processing and high-speed caching, so it can serve object requests from its cache and the request does
not need to go back to the origin server. By offloading both SSL processing and object requests from origin servers,
ProxySG increases throughput and cuts user response times for any secure web site. By tunneling or intercepting HTTPS
traffic, ProxySG appliances make it possible to apply policy to otherwise encrypted traffic.
Technology Primer: Secure Sockets Layer (SSL)