Skip to content
Avanet
Encrypted traffic on the rise – enable HTTPS scanning

Encrypted traffic on the rise – enable HTTPS scanning

26. FEBRUARY 2018

In this article I’d like to take another look at the current state of HTTP and HTTPS. In a previous article, “HTTPS scanning: Why you should enable it on Sophos”, we already showed that websites are increasingly switching to HTTPS. While you used to need an expensive certificate, these are now available free of charge thanks to Let’s Encrypt and a few other providers.

HTTP is going to disappear

As we explained in our earlier blog post, HTTPS has spread very rapidly over the last few years. The article highlighted Google and Let’s Encrypt in particular, but by now, for example, Apple also requires its iOS developers to send server requests over HTTPS connections. This means that even connections we as users usually never see are now largely encrypted.

The real reason for revisiting this topic is a recent post on the Google Security Blog. In it, Google writes that as of February 2018, 81 of the top 100 sites on the web were already using HTTPS by default.

How Google is helping to phase out HTTP

Back at the beginning of 2017, Google announced that it would start marking HTTP sites as insecure. With Chrome version 68, scheduled for release in July 2018, Google is now putting that into practice. Any user browsing the internet with the latest version of Chrome will in future be warned when visiting insecure HTTP pages. It looks like this:

Google Chrome 68 – security warning for HTTP
Image source: security.googleblog.com

It goes without saying that no website owner wants their site to be classified as “Not secure” in the world’s most widely used browser (on both desktop and mobile). With this relatively small change, Google will most likely accelerate the decline of insecure HTTP connections even further.

Enable HTTPS scanning

Of course, this development also has an impact on security in your network. More than 50% of the web traffic passing through our firewall – and our customers’ firewalls – is already encrypted. It is therefore becoming increasingly important to scan HTTPS traffic as well; otherwise that traffic will enter your network unchecked.

If you have a valid license for Web Protection, we strongly recommend that you enable HTTPS scanning. If you need help doing so, just get in touch with us.

Patrizio

Patrizio

Patrizio is an experienced network specialist focused on Sophos firewalls, switches, and access points. He supports customers and IT teams with configuration, migration, and clean network segmentation.