Nowadays, most of the security solutions deployed in companies (firewalls, intrusion detection systems, ...) include the ability to intercept SSL-encrypted traffic (used by HTTPS, POP3S, SMTPS, and so on). This interception is sometimes enabled by default. As a result, every encrypted stream is decrypted without the users being informed. To respect users' privacy, they have to be made aware of this feature so that they can respond accordingly; this is usually done by having them sign an IT charter.
The administrator configures the FortiGate as follows. In a configuration panel, it is enough to apply SSL inspection to a filter. Beforehand, the certificate used to inspect the encrypted web streams will have been installed on the computers of the network, so as to suppress the warnings that a self-signed certificate would otherwise raise.
We can now look at the logs for the computer targeted by SSL inspection. It is also possible to examine the packets more closely, to look at the passwords for example.
Our Firefox extension makes this practice visible. We see that the certificate presented by Outlook is in reality that of the FortiGate. At the top left, CheckMyHTTPS shows us clearly, by its red colour, that the certificate presented by Outlook differs from the one the client sees. This is the proof of an SSL interception.
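The check behind that red light can be reproduced outside the browser. The following script is an added example, not CheckMyHTTPS's own code: it computes the SHA-256 fingerprint of the certificate actually presented on the local network path and compares it with a reference fingerprint. The reference is assumed to be obtained out-of-band, for instance from a checking server that is not behind the corporate firewall or antivirus proxy; here it is simply passed in as a parameter. The host, port and the "DER bytes" used in the offline demonstration are constructed placeholders, not real certificates.

```python
"""Detect TLS interception by comparing certificate fingerprints.

Added example (not CheckMyHTTPS's or Fortinet's code). Principle: the
certificate the client receives is compared with the one observed from
outside the inspected network. The reference fingerprint is assumed to be
obtained out-of-band and is passed in as a parameter.
"""
import hashlib
import ssl


def fingerprint_der(der_bytes: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as colon-separated
    uppercase hex (the format browsers show in their certificate viewer)."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_pem(pem_cert: str) -> str:
    """Fingerprint of a PEM-encoded certificate, the form that
    ssl.get_server_certificate() returns."""
    return fingerprint_der(ssl.PEM_cert_to_DER_cert(pem_cert))


def fetch_server_fingerprint(host: str, port: int = 443) -> str:
    """Connect to host:port and return the fingerprint of the leaf certificate
    presented on *this* network path. No chain validation is done on purpose:
    an inspecting device (FortiGate, antivirus proxy) whose CA was pushed to
    the workstation would validate fine, and we want to see its certificate."""
    pem = ssl.get_server_certificate((host, port))
    return fingerprint_pem(pem)


def classify(local_fp: str, reference_fp: str) -> str:
    """Compare the locally observed fingerprint with the trusted reference.

    "OK" means the same certificate was seen on both paths. "INTERCEPTED" is
    the red-light case: something between the client and the server is
    presenting a different certificate for the same host.
    """
    def normalize(fp: str) -> str:
        return fp.replace(":", "").strip().upper()

    if normalize(local_fp) == normalize(reference_fp):
        return "OK"
    return "INTERCEPTED"


def check_host(host: str, reference_fp: str, port: int = 443) -> dict:
    """Full check for one host: fetch the local certificate, fingerprint it,
    compare with the reference obtained elsewhere."""
    local_fp = fetch_server_fingerprint(host, port)
    return {
        "host": host,
        "local": local_fp,
        "reference": reference_fp,
        "verdict": classify(local_fp, reference_fp),
    }


if __name__ == "__main__":
    # Offline demonstration with constructed (not real) certificate bytes:
    # one stands in for the genuine server certificate, the other for the
    # certificate an inspecting proxy mints on the fly.
    genuine_der = b"constructed DER bytes standing in for the real server cert"
    proxy_der = b"constructed DER bytes standing in for the proxy-minted cert"
    reference = fingerprint_der(genuine_der)
    print("direct path:  ", classify(fingerprint_der(genuine_der), reference))
    print("through proxy:", classify(fingerprint_der(proxy_der), reference))
    # Live use (network required): check_host("example.invalid", reference)
```

Two practical caveats when running this against real hosts: the reference must be captured at about the same time as the local observation, because legitimate certificate rotation would otherwise look like interception, and large sites served by several CDN nodes can present different (all legitimate) certificates to different vantage points. A mismatch is therefore a strong signal worth investigating, and on a workstation that has the FortiGate or antivirus CA installed it is usually the expected one.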
Malicious interception of encrypted web streams is nowadays very common, and is getting easier and easier to carry out. An attacker connected to an unsecured local network (at home or in a company) can easily use these techniques to intercept, analyse, and modify those supposedly secure connections.
By default, antivirus products such as Avast! or Kaspersky intercept and decrypt your secure connections. The vendors of these antiviruses justify this practice by saying that they want to protect the user from malicious content that could be found on HTTPS websites. However, it also allows their software to read your encrypted connections (reminder: an antivirus is connected to its vendor's website for updates and the like).
Below are screenshots of CheckMyHTTPS highlighting these practices: