On Sun, Jan 18, 2015 at 5:29 AM, Grant Ridder <shortdudey123@gmail.com> wrote:
Hi Everyone,
I wanted to see what opinions and thoughts were out there. What software, appliances, or services are being used to monitor web traffic for "inappropriate" content on the SSL side of things? personal use? enterprise enterprise?
It looks like Websense might do decryption ( http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does some sort of session hijack to redirect to non-ssl (atleast for Google) ( https://twitter.com/CovenantEyes/status/451382865914105856).
Thoughts on having a product that decrypts SSL traffic internally vs one that doesn't allow SSL to start with?
-Grant
Admittedly I've only been on the user side of things for this, but IMO for cases like this MITM > striping. if your users need to access anything outside your intranet (google apps comes to mind right away, any kind of outsourced web-based training, etc) that requires SSL to function would be broken by stripping, but with MITMing the connection and having your internal certs set up properly, it won't even blip. that being said, squid can be configured to transparently decrypt and reencrypt the session. (http://wiki.squid-cache.org/Features/SslBump)