Educause Security Discussion mailing list archives
Re: Oxford and Google Apps
From: Kevin Wilcox <wilcoxkm () APPSTATE EDU>
Date: Tue, 19 Feb 2013 10:25:38 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Feb 19, 2013 at 02:46:25PM +0000, Sigmon, Aaron wrote:
At the previous educational institute I worked for, we added the google docs phishing URL's to a block list on our Palo Alto's. This was achieved by creating a custom URL category called "Phishing Links", and then used SSL-Decryption on that custom category for it to decrypt the SSL session and block the URL.
The same can be achieved for significantly less cash using Squid as an SSL proxy (of course, that means you need folks who understand the intricacies of proxying content and Unix or Linux in general...). The kicker for either is that you have to terminate the SSL connections on the proxy and a lot of institutions have very vocal faculty who take offence to that. InfoSec may take offence to it as well, depending on who controls the proxies (a lot of institutions still have InfoSec as a joint networking/systems function, even if they have the equivalent of an ISO/CISO). As much as it's a game of whack-a-mole, I still think that SSL decryption and blocking as you're made aware of them is The Right Thing To Do -- defence-in-depth and all that. kmw PS - Aaron, congratulations on the new .edu address! - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlEjmWgACgkQsKMTOtQ3fKGV2ACgldXBiS/WRyDwBIG9dge9+Wy0 mUAAmwS50QyPDOBWnJgy5qe3TyuHey2h =0tjs - -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlEjmXIACgkQsKMTOtQ3fKFzfACcC2XGyyoOgAMnbeS5ihulIeKf CAcAnRP820vo6Cb3aAsks5d9xrKPuyLO =GoLb -----END PGP SIGNATURE-----
Current thread:
- Re: Oxford and Google Apps, (continued)
- Re: Oxford and Google Apps Bob Bayn (Feb 19)
- Re: Oxford and Google Apps Santabarbara, Angelo (Feb 19)
- Re: Oxford and Google Apps Roger A Safian (Feb 19)
- Re: Oxford and Google Apps King, Ronald A. (Feb 19)
- Re: Oxford and Google Apps David Opitz (Feb 19)
- Re: Oxford and Google Apps Mike Porter (Feb 19)
- Re: Oxford and Google Apps David Gillett (Feb 19)
- Re: Oxford and Google Apps Tim Doty (Feb 19)
- Re: Oxford and Google Apps Justin C. Klein Keane (Feb 19)
- Re: Oxford and Google Apps Sigmon, Aaron (Feb 19)
- Re: Oxford and Google Apps Kevin Wilcox (Feb 19)
- Re: Oxford and Google Apps Oscar Knight (Feb 19)