Departments should consider an HTTPS architecture that allows network security services to function, including web application firewalls (WAF) and network intrusion detection systems (NIDS), when traffic is encrypted. This will usually involve the placement of an SSL (TLS) offloading solution to decrypt HTTPS traffic, typically in the form of appliances or an onboard service on the existing appliances, in front of web servers; or the installation of software-based WAF or NIDS on the web servers where the traffic is decrypted for business processing. | Departments should consider an HTTPS architecture that allows network security services to function, including web application firewalls (WAF) and network intrusion detection systems (NIDS), when traffic is encrypted. This will usually involve the placement of an SSL (TLS) offloading solution to decrypt HTTPS traffic, typically in the form of appliances or an onboard service on the existing appliances, in front of web servers; or the installation of software-based WAF or NIDS on the web servers where the traffic is decrypted for business processing. |