HTTPS redirects to HTTP for monitoring
Ammar Zuberi
ammar at fastreturn.net
Sun Jan 18 14:53:41 UTC 2015
So your idea is to block every HTTPS website?
> On 18 Jan 2015, at 6:48 pm, Ca By <cb.list6 at gmail.com> wrote:
>
>> On Sunday, January 18, 2015, Grant Ridder <shortdudey123 at gmail.com> wrote:
>>
>> Hi Everyone,
>>
>> I wanted to see what opinions and thoughts were out there. What software,
>> appliances, or services are being used to monitor web traffic for
>> "inappropriate" content on the SSL side of things? personal use?
>> enterprise enterprise?
>>
>> It looks like Websense might do decryption (
>> http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
>> some sort of session hijack to redirect to non-ssl (atleast for Google) (
>> https://twitter.com/CovenantEyes/status/451382865914105856).
>>
>> Thoughts on having a product that decrypts SSL traffic internally vs one
>> that doesn't allow SSL to start with?
>>
>> -Grant
>
> IMHO, it would be better to just block the service and say the encrypted
> traffic is inconsistent with your policy instead of snooping it and
> exposing sensitive data to your middle box.
>
> These boxes that violate end to end encryption are a great place for
> hackers to steal the bank and identity info of everyone in your company.
>
> That sounds like a lot liablity to put on your shoulders.
>
> CB
More information about the NANOG
mailing list