On Sunday, January 18, 2015, Ammar Zuberi <ammar@fastreturn.net> wrote:
So your idea is to block every HTTPS website?
My idea is to provide secure internet and tell the truth about it. Proxying And mitm SSL/TLS is telling a lie to the end user and exposing them and the proxying organization to a great deal of liability. If you cannot provide proper transport of TLS/SSL, then tell your users that. Dont fake it and undermine the ecosystem. Proxying secure traffic is extremely dangerous, you are pretty much creating trap door in the bank vault. It is going to hurt when the hackers find it and you are going to Be liable for undermining all the secure communications for all your users. Your call. Ymmv. May be you are especially lucky and the hackers wont find this weak spot in your network where all the most important encrypted info (Perosal and corporate) suddenly becomes clear text. My advice, dont do mitm, you cant afford it. It is only a matter of Time when the hackers get this info and steal the identity And drain the bank accounts of all your users.
On 18 Jan 2015, at 6:48 pm, Ca By <cb.list6@gmail.com <javascript:;>> wrote:
On Sunday, January 18, 2015, Grant Ridder <shortdudey123@gmail.com <javascript:;>> wrote:
Hi Everyone,
I wanted to see what opinions and thoughts were out there. What software, appliances, or services are being used to monitor web traffic for "inappropriate" content on the SSL side of things? personal use? enterprise enterprise?
It looks like Websense might do decryption ( http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does some sort of session hijack to redirect to non-ssl (atleast for Google) ( https://twitter.com/CovenantEyes/status/451382865914105856).
Thoughts on having a product that decrypts SSL traffic internally vs one that doesn't allow SSL to start with?
-Grant
IMHO, it would be better to just block the service and say the encrypted traffic is inconsistent with your policy instead of snooping it and exposing sensitive data to your middle box.
These boxes that violate end to end encryption are a great place for hackers to steal the bank and identity info of everyone in your company.
That sounds like a lot liablity to put on your shoulders.
CB