HTTPS redirects to HTTP for monitoring

Ammar Zuberi ammar at fastreturn.net
Sun Jan 18 14:53:41 UTC 2015


So your idea is to block every HTTPS website?


> On 18 Jan 2015, at 6:48 pm, Ca By <cb.list6 at gmail.com> wrote:
> 
>> On Sunday, January 18, 2015, Grant Ridder <shortdudey123 at gmail.com> wrote:
>> 
>> Hi Everyone,
>> 
>> I wanted to see what opinions and thoughts were out there.  What software,
>> appliances, or services are being used to monitor web traffic for
>> "inappropriate" content on the SSL side of things?  Personal use?
>> Enterprise?
>> 
>> It looks like Websense might do decryption (
>> http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
>> some sort of session hijack to redirect to non-ssl (at least for Google) (
>> https://twitter.com/CovenantEyes/status/451382865914105856).
>> 
>> Thoughts on having a product that decrypts SSL traffic internally vs one
>> that doesn't allow SSL to start with?
>> 
>> -Grant
> 
> IMHO, it would be better to just block the service and say the encrypted
> traffic is inconsistent with your policy instead of snooping it and
> exposing sensitive data to your middle box.
> 
> These boxes that violate end to end encryption are a great place for
> hackers to steal the bank and identity info of everyone in your company.
> 
> That sounds like a lot of liability to put on your shoulders.
> 
> CB


