nanog mailing list archives
Re: HTTPS redirects to HTTP for monitoring
From: kendrick eastes <keastes () gmail com>
Date: Sun, 18 Jan 2015 05:41:49 -0700
On Sun, Jan 18, 2015 at 5:29 AM, Grant Ridder <shortdudey123 () gmail com> wrote:
> Hi Everyone,
>
> I wanted to see what opinions and thoughts were out there. What software, appliances, or services are being used to monitor web traffic for "inappropriate" content on the SSL side of things? Personal use? Enterprise?
>
> It looks like Websense might do decryption (http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does some sort of session hijack to redirect to non-ssl (at least for Google) (https://twitter.com/CovenantEyes/status/451382865914105856).
>
> Thoughts on having a product that decrypts SSL traffic internally vs one that doesn't allow SSL to start with?
>
> -Grant
Admittedly I've only been on the user side of things for this, but IMO for cases like this MITM > stripping. If your users need to access anything outside your intranet (Google Apps comes to mind right away, any kind of outsourced web-based training, etc.) that requires SSL to function, it would be broken by stripping, but with MITMing the connection and having your internal certs set up properly, it won't even blip.

That being said, Squid can be configured to transparently decrypt and re-encrypt the session (http://wiki.squid-cache.org/Features/SslBump).
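
As an added illustration of the point in the reply above that sites requiring SSL break under stripping (this is not code from the thread or its participants): the function below reads the headers of an HTTPS response and lists the browser-enforced mechanisms that tie the session to HTTPS. It goes beyond the post by naming specific mechanisms (HSTS, Secure cookies, cookie name prefixes, the CSP `upgrade-insecure-requests` directive); the function name and the sample headers are constructed for the example.

```python
def https_dependencies(headers):
    """List the ways a response ties the session to HTTPS.

    headers: iterable of (name, value) pairs from an HTTPS response.
    Each finding is something the browser enforces itself, so a policy
    that forces the same site onto plain HTTP makes that part fail.
    """
    findings = []
    for name, value in headers:
        name = name.strip().lower()
        directives = [d.strip() for d in value.split(";")]
        if name == "strict-transport-security":
            for d in directives:
                key, _, arg = d.partition("=")
                if key.strip().lower() == "max-age":
                    digits = arg.strip().strip('"')
                    # max-age=0 withdraws the policy, so it is not a dependency
                    if digits.isdigit() and int(digits) > 0:
                        findings.append("hsts")
        elif name == "set-cookie":
            cookie = directives[0].partition("=")[0].strip()
            attrs = {d.partition("=")[0].strip().lower() for d in directives[1:]}
            if cookie.startswith(("__Secure-", "__Host-")):
                # prefixed cookies are only accepted from a secure origin
                findings.append("cookie-prefix:" + cookie)
            elif "secure" in attrs:
                # Secure cookies are never sent over plain HTTP
                findings.append("secure-cookie:" + cookie)
        elif name == "content-security-policy":
            if any(d.lower() == "upgrade-insecure-requests" for d in directives):
                findings.append("csp-upgrade")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLE_APP = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "__Host-session=abc123; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/"),
    ("Content-Security-Policy", "default-src 'self'; upgrade-insecure-requests"),
]
SAMPLE_LEGACY = [
    ("Strict-Transport-Security", "max-age=0"),
    ("Set-Cookie", "sid=42; Path=/"),
]

if __name__ == "__main__":
    for label, hdrs in (("app", SAMPLE_APP), ("legacy", SAMPLE_LEGACY)):
        print(label, https_dependencies(hdrs) or "no HTTPS dependency found")
```

A site that returns an empty list here may still require HTTPS for other reasons; the check only covers the header-level mechanisms listed.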