HTTPS redirects to HTTP for monitoring

Ca By cb.list6 at gmail.com
Sun Jan 18 14:48:49 UTC 2015


On Sunday, January 18, 2015, Grant Ridder <shortdudey123 at gmail.com> wrote:

> Hi Everyone,
>
> I wanted to see what opinions and thoughts were out there.  What software,
> appliances, or services are being used to monitor web traffic for
> "inappropriate" content on the SSL side of things?  personal use?
> enterprise enterprise?
>
> It looks like Websense might do decryption (
> http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
> some sort of session hijack to redirect to non-ssl (atleast for Google) (
> https://twitter.com/CovenantEyes/status/451382865914105856).
>
> Thoughts on having a product that decrypts SSL traffic internally vs one
> that doesn't allow SSL to start with?
>
> -Grant
>

IMHO, it would be better to just block the service and say the encrypted
traffic is inconsistent with your policy instead of snooping it and
exposing sensitive data to your middle box.

These boxes that violate end to end encryption are a great place for
hackers to steal the bank and identity info of everyone in your company.

That sounds like a lot liablity to put on your shoulders.

CB



More information about the NANOG mailing list