HTTPS redirects to HTTP for monitoring
bill at herrin.us
Sun Jan 18 17:35:02 UTC 2015
On Sun, Jan 18, 2015 at 7:29 AM, Grant Ridder <shortdudey123 at gmail.com> wrote:
> I wanted to see what opinions and thoughts were out there. What software,
> appliances, or services are being used to monitor web traffic for
> "inappropriate" content on the SSL side of things? personal use?
> enterprise enterprise?
Fidelis Security (part of GD) does this for USG customers. Good guys
with a strong, scalable product.

Basically, all internal web browsers get a custom CA which
authenticates a re-signing cert. HTTPS traffic is decrypted by an IDS
agent, examined and then re-encrypted with the resigning cert.

You have to decide for yourself whether you really want to examine
your users' HTTPS traffic. It does create a rather hostile work
environment for the folks you're playing big brother to. Not quite
camera-in-the-men's-room hostile but hostile enough to deter quality
staff from seeking and maintaining employment.
William Herrin ................ herrin at dirtside.com bill at herrin.us
Owner, Dirtside Systems ......... Web: <http://www.dirtside.com/>
May I solve your unusual networking challenges?
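
The chain described in the message above (custom CA, re-signing cert, re-signed site cert), rebuilt in a throwaway directory with the openssl CLI. This is an added example, not part of the original post, and every certificate name and the hostname are constructed. It shows that the re-signed certificate verifies only on a client that trusts the custom CA, and that its issuer field names the re-signing cert, which is how inspection can be recognised from the client side.

```shell
#!/bin/sh
# Lab model of the re-signing chain; every name and hostname is constructed.
set -eu

# sign_cert NAME SUBJECT EXTENSIONS [ISSUER]: new key and CSR, then a cert
# signed by ISSUER, or self-signed when ISSUER is omitted.
sign_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  printf '%b\n' "$3" > "$1.ext"
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" \
      -set_serial "0x$(openssl rand -hex 8)" -days 1 \
      -extfile "$1.ext" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" -days 1 \
      -extfile "$1.ext" -out "$1.pem" 2>/dev/null
  fi
}

build_chain() {  # $1 = working directory
  ca='basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign'
  site='basicConstraints=CA:FALSE\nsubjectAltName=DNS:www.example.test'
  sign_cert "$1/root"   "/CN=Lab Custom Root CA" "$ca"                # installed in internal browsers
  sign_cert "$1/resign" "/CN=Lab Re-signing CA"  "$ca" "$1/root"      # held by the inspection device
  sign_cert "$1/leaf"   "/CN=www.example.test"   "$site" "$1/resign"  # minted per inspected site
}

# A managed client has the custom root in its trust store.
managed_client_accepts() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/resign.pem" \
    "$1/leaf.pem" >/dev/null 2>&1
}

# An unmanaged client is sent the same chain but has no trust anchor for it.
unmanaged_client_accepts() {
  openssl verify -no-CAfile -no-CApath -untrusted "$1/resign.pem" \
    "$1/leaf.pem" >/dev/null 2>&1
}

# What a user sees in the certificate viewer: the issuer is the re-signing cert.
leaf_issuer() { openssl x509 -in "$1/leaf.pem" -noout -issuer; }

work=$(mktemp -d)
build_chain "$work"
managed_client_accepts "$work" && echo "managed client: chain verifies"
unmanaged_client_accepts "$work" || echo "unmanaged client: verification fails"
leaf_issuer "$work"
```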