HTTPS redirects to HTTP for monitoring

nanog at jack.fr.eu.org nanog at jack.fr.eu.org
Sun Jan 18 15:24:05 UTC 2015


From my point of view, it is better than violating user privacy & safety.

Sneaky is evil.

On 18/01/2015 15:53, Ammar Zuberi wrote:
> So your idea is to block every HTTPS website?
> 
> 
>> On 18 Jan 2015, at 6:48 pm, Ca By <cb.list6 at gmail.com> wrote:
>>
>>> On Sunday, January 18, 2015, Grant Ridder <shortdudey123 at gmail.com> wrote:
>>>
>>> Hi Everyone,
>>>
>>> I wanted to see what opinions and thoughts were out there.  What software,
>>> appliances, or services are being used to monitor web traffic for
>>> "inappropriate" content on the SSL side of things?  personal use?
>>> enterprise?
>>>
>>> It looks like Websense might do decryption (
>>> http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
>>> some sort of session hijack to redirect to non-ssl (at least for Google) (
>>> https://twitter.com/CovenantEyes/status/451382865914105856).
>>>
>>> Thoughts on having a product that decrypts SSL traffic internally vs one
>>> that doesn't allow SSL to start with?
>>>
>>> -Grant
>>
>> IMHO, it would be better to just block the service and say the encrypted
>> traffic is inconsistent with your policy instead of snooping it and
>> exposing sensitive data to your middle box.
>>
>> These boxes that violate end to end encryption are a great place for
>> hackers to steal the bank and identity info of everyone in your company.
>>
>> That sounds like a lot of liability to put on your shoulders.
>>
>> CB



